ISO 31000:2009- Risk Management Principles and Guidelines

ISO 31000 is intended to be a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.
Currently, the ISO 31000 family is expected to include:

• ISO 31000:2009 _ Principles and Guidelines on Implementation[1]
• ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
• ISO Guide 73:2009 - Risk Management - Vocabulary

Introduction

ISO 31000 was published as a standard on the 13th of November 2009, and provides a standard on the implementation of risk management. A revised and harmonized ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual."[2] Accordingly, the general scope of ISO 31000 - as a family of risk management standards - is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management.

Scope

ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. This approach to formalizing risk management practices will facilitate broader adoption by companies who require an enterprise risk management standard that accommodates multiple ‘silo-centric’ management systems.[3]
The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.
Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:

• executive level stakeholders
• appointment holders in the enterprise risk management group
• risk analysts and management officers
• line managers and project managers
• compliance and internal auditors
• independent practitioners.

Risk Conceptualization

Main article: Risk
One of the key paradigm shifts in ISO 31000 is how risk is conceptualized, under the ISO 31000:2009 and a consequential major revision of the terminology in ISO Guide 73, risk with respect to the "effect of uncertainty on objectives". [4]

ISO 31000 Framework approach

ISO 31000:2009 has been received as a replacement to the existing standard on risk management, AS/NZS 4360:2004 (In the form of AS/NZS ISO 31000:2009). Whereas the Standards Australia approach provided a process by which risk management could be undertaken, ISO 31000:2009 addresses the entire management system that supports the design, implementation, maintenance and improvement of risk management processes.

Implementation

The intent of ISO 31000 is to be applied within existing management systems to formalize and improve risk management processes as opposed to wholesale substitution of legacy management practices. Subsequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes in the new paradigm addressed in the standard.
The focus of many ISO 31000 'Harmonization' program[5] have centered on:

• Transferring accountability gaps in enterprise risk management
• Aligning objectives of the governance frameworks with ISO 31000
• Embedding management system reporting mechanisms
• Creating uniform risk criteria and evaluation metrics

Implications

Most implications for adopting the new standard concern the re-engineering of existing management practices to conform with the documentation, communication and socialization of the new risk management operating paradigm; as opposed to wholesale re-orientation of management practice throughout an organization. Accordingly, most senior position holders in an enterprise risk management organization will need to be cognizant of the implication for adopting the standard and be able to develop effective strategies for implementing the standard across supply chains and commercial operations.[6]
Certain aspects of top management accountability, strategic policy implementation and effective governance frameworks, will require more consideration by organizations that have previously used now redundant risk management methodologies.
In some domains that concern risk management, particular security and corporate social responsibility, which may operate using relatively unsophisticated risk management processes, more material change will be required, particularly regarding a clearly articulated risk management policy, formalizing risk ownership processes, structuring framework processes and adopting continuous improvement program.

Accreditation

ISO 31000 has not been developed with the intention for certification.

See also

• Enterprise Risk Management
• International Organization for Standardization
• ISO 9000:2000
• ISO 14001
• ISO/PAS 28000 - Specification for security management systems for the supply chain
• PDCA
• Risk
• RiskAoA
• Risk Management
• Risk management tools
• Security risk

References

• ^ National Standards Authority of Ireland
• ^ ISO 31000 catalogue http://www.iso.org/iso/catalogue_detail.htm?csnumber=43170
• ^ ISO 31000 Update
• ^ ISO Guide 73: Risk Management - Vocabulary
• ^ ISO 31000 update: What it means to C-Suite Risk Owners
• ^ Implications for ISO adoption http://www.optaresystems.com/index.php/optare/publication_detail/iso_31000_update_what_it_will_mean_for_a_cso/

External links

• International Organization for Standardization
• AS/NZS ISO 31000:2009 Risk management - Principles and guidelines
• Discussion forum on ISO 31000:2009 Risk management - Principles and guidelines

Why Quality Foundation – Kolkata

Consultants of Quality Foundation, follow a Structured approach (Process flow diagram for System Development)  for developing ISO 31000:2009 – Risk Management – Principles and guidelines, Requirements through consultancy and training services, involving all concerned personnel, there by developing the competence in application of the standard in the existing management standards thereby continually  reducing the risk and its impacts in an organization.
Consultants of Quality foundation are the Only Senior consultant registered with National Board of Quality Promotion /Quality Council of India, in the eastern region, Kolkata for QMS, Strongly believes in Value addition, Provides Customized Solutions. Possess Expertise in Diversified sectors. Quality Foundation have dedicated consultants having in depth knowledge and experience in Management systems consulting & Training. Have consulted and trained for More than 200 + Clients across India on various ISO Standards.

Services offered towards – ISO 31000:2009 - Risk Management – Principles and guidelines

• One day Awareness training program on the Risk Management – Principles and guidelines
• Risk Assessment/ Gap analysis with regard to process development;
• Risk Assessment/ Gap analysis with regard to Project risk management;
• Risk Assessment/ Gap analysis with regard to Environmental management 
• Risk Assessment/ Gap analysis with regard to enterprise risk management;
• Risk Assessment/ Gap analysis with regard to supplier liability risk management;
• Risk Assessment/ Gap analysis with regard to Occupational health and safety ;
• Risk Assessment/ Gap analysis with regard to Food safety & Hygiene
• Risk Assessment/ Gap analysis with regard to Information security
• risk management training & Consultations

Contact us

For more information about this service, contact our friendly team today on 09831350433. We will be pleased to help you

For Purchase of the standards Pl go to the below site;

http://www.iso.org/iso/catalogue_detail?csnumber=43170