ISO 31000 Risk Management Standard
The ISO 31000 Risk Management Standard was published in 2009 by the International Standard Organization (ISO). It defines risk management as “coordinated activities to direct and control an organization with regard to risk”, and the risk management framework as a “set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization”.
ISO 31000, as an international standard, has gained wide acceptance in many countries and large corporations because it is practical and business-oriented. It consists of three components: principles for managing risk, a framework for managing risk, and a process for managing risk. In this way, ISO 31000 captures enterprise risk management (ERM) as an integrated way of managing risk.
Furthermore, its universal characteristics make it applicable to any type of organization, public or private, large or small. It is built not from the drive to comply with particular regulations, but from the need to address the uncertainty of business challenges and how to deal with them. Some regard ISO 31000 as having been developed from the AUS/NZS 4360 Risk Management Standard originating from Australia, especially in the ‘risk management process’ part. This is true, but ISO 31000 is much more comprehensive, systematic, and universal.