Getting started with ISO 31000-based ERM
Any entity that is currently operational has some form of risk management activities in place. However, these activities are often ad hoc, informal and uncoordinated. They are also often focused on operational or compliance-related risks and fail to focus systematically on strategic and emerging risks, which are most likely to affect an organization’s success. As a result, they fall short of constituting a complete, robust risk management process. In addition, existing risk management activities often lack transparency.
The approaches described below are based on successful practices that organizations have used to develop an incremental, step-by-step methodology to start ERM, regardless of the specific ERM framework being used. Therefore, these approaches can also serve as a reference for organizations that intend to implement ERM using ISO 31000.
While this is not the only way to start an ERM initiative, this incremental approach is designed to be very adaptable, flexible, and budget-friendly. The following two sections can be used by organizations to get their ERM started effectively:
- Keys to Success
- Initial Action Steps