The diagram below shows how the three main sections are interrelated
and how each of these three sections are organized. The standard starts by
listing a set of risk management principles. Use these principles to guide the
establishment of your risk management framework. Then use the framework
to guide the establishment of your risk management process. Together these
three sections make up what ISO 31000 calls a risk management architecture.

OVERVIEW OF PART 3: RISK MANAGEMENT PRINCIPLES

Part 3 of ISO 31000 discusses risk management principles. These
principles provide a pragmatic conceptual foundation for the rest of the
standard. Part 3 says that your approach to risk management should be
an integral part of your organization’s processes (especially its decision
making process), should be tailored to its environment, should create and
protect value, and should support and encourage continual improvement.
It also says that your approach should not only be structured, systematic,
and iterative, it should also be dynamic, responsive, and inclusive. In
addition, your approach should not only address the human and cultural
factors that influence the achievement of your organization’s objectives,
it should also deal with the many uncertainties that threaten your
organization’s success.

In general, these risk management principles should influence how
you design and implement your organization’s risk management
framework (Part 4) and process (Part 5).

OVERVIEW OF PART 4: RISK MANAGEMENT FRAMEWORK

Part 4 discusses ISO’s risk management framework. It starts by
asking you to make risk management part of your organization’s general
management system and to use this risk management framework to support
your risk management process (Part 5). Then, in Part 4.2, it asks you to make
a commitment to risk management by establishing a risk management policy,
by formulating risk management objectives, and by assigning risk
management responsibilities.

Part 4 is an iterative (cyclical) process. This iterative process starts by
asking you to make a commitment to risk management. It then asks you to
design, implement, monitor, and improve your risk management framework,
and to do it in that order. Repeat this iterative process whenever you need
to change your risk management policy, modify your risk management
objectives, or improve your framework.

OVERVIEW OF PART 5: RISK MANAGEMENT PROCESS

Part 5 explains how to apply a risk management process. It starts by
asking you to make risk management an integral part of your organization’s
management approach. It then emphasizes the need to communicate and
consult with both external and internal stakeholders and to continuously
monitor and review your organization’s risk management process.

The risk management process itself starts by establishing your
organization’s unique context. Once you understand both your external
and internal context, you’re ready to carry out your risk assessment process,
which involves identifying, analyzing, and evaluating risks. Once you know
what your risks are, you’re ready to formulate and implement risk treatment
plans. Repeat this process every time you have a risk that needs to be
assessed and controlled.

Praxiom Research Group Limited help@praxiom.com 780-461-4514

Updated on August 8, 2018. First published on August 31, 2010.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
material as often as you wish, free of charge. And as long as you keep intact
all copyright notices, you are also welcome to print or make one copy of this
page for your own personal, noncommercial, home use. But, you are not
legally authorized to print or produce additional copies or to copy and paste
any of our material onto another web site or to republish it in any way.

Copyright © 2010 - 2018 by Praxiom Research Group Limited. All Rights Reserved.