ISO 31000 is a generic risk management standard. It can be used by any organization no matter
what size it is or what it does. It can be used by both public and private organizations and by
groups, associations, and enterprises of all kinds. It is not specific to any sector or industry and can
be applied to any type of risk. ISO 31000 can be applied to the achievement of any and all types of
objectives at all levels and areas within an organization. It can be used at a strategic or
organizational level to help make decisions and can be applied to all types of activities. It can be
used to help manage processes, operations, projects, programs, products, services, and assets.
This page presents an overview of ISO 31000:2009. It doesn't provide detail. It starts with section 3
because the ISO 31000:2009 guidelines start there.
Copyright © Kesteven and Associates Pty Limited, 2013
3. RISK MANAGEMENT PRINCIPLES
Make sure that your organization’s approach to risk management is systematic, structured,
and timely.
o Make sure that your approach contributes to efficiency.
o Make sure that your approach generates reliable results.
Make sure that the inputs you use to manage risk are based on the best available
information sources.
Make sure that decision makers understand and consider the limitations and shortcomings
of the data they use to manage risk.
Make sure that your organization’s approach to risk management is aligned with its unique
internal and external context.
Make sure that your organization’s approach to risk management is aligned with its risk
profile.
3(H) RISK MANAGEMENT SHOULD CONSIDER HUMAN FACTORS
Make sure that your approach to risk management recognizes and considers the human and
cultural factors that can influence the achievement of your organization’s objectives.
o Consider how human capabilities can facilitate or hinder the achievement of your
objectives.
o Consider how human perceptions can facilitate or hinder the achievement of your
objectives.
o Consider how human intentions can facilitate or hinder the achievement of your
objectives.
Make sure that your organization’s approach to risk management is dynamic and
responsive.
o Make sure that your approach to risk management continually senses change and
responds to it.
Make sure that your approach to risk management is ongoing.
o Repeat your risk management process whenever and wherever objectives need to be
achieved.
4. RISK MANAGEMENT FRAMEWORK
Evaluate and understand your organization’s external context and then use this knowledge
to design your risk management framework.
o Evaluate and understand your external environment.
o Evaluate and understand your external stakeholders.
o Evaluate and understand your external influences.
Evaluate and understand your organization’s internal context and then use this knowledge
to design your risk management framework.
o Understand your organization’s internal stakeholders.
o Understand your organization’s governance.
o Understand your organization’s capabilities.
o Understand your organization’s culture.
o Understand your organization’s standards.
o Understand your organization’s contracts.
Develop a plan that describes how you intend to communicate with your external
stakeholders.
Implement your risk management communication plan.
Develop a plan that explains how you intend to apply your organization’s risk management
process (Part 5).
Use your risk management plan to implement your organization’s risk management process
(Part 5).
Study the results of your organization’s risk management monitoring and review activities
(see Part 4.5, above).
Figure out how you’re going to improve your organization’s risk management framework.
5. RISK MANAGEMENT PROCESS
Communicate and consult with stakeholders during all stages of the risk management
process.
Use a consultative team approach to communicate and consult with your organization’s
stakeholders.
Identify and understand the parameters and variables that influence and control how your
organization manages risk.
o Define your organization’s external context (see Part 5.3.2).
o Define your organization’s internal context (see Part 5.3.3).
Identify and understand your organization’s external context and consider the influence it
could have on its ability to manage risk and achieve its objectives.
o Identify and understand environmental conditions and consider the influence they
could have on your organization’s ability to achieve its objectives.
o Identify and understand key external factors and consider the influence they could
have on your organization’s ability to achieve its objectives.
o Identify and understand the relationships you have with external stakeholders and
consider the influence they could have on your organization’s ability to achieve its
objectives.
Consider your organization’s external context when you develop your organization’s risk
criteria (see Part 5.3.5 for details).
o Consider the concerns, objectives, and perceptions of external stakeholders when you
formulate your risk criteria.
Identify and understand your organization’s internal context and consider the influence it
could have on its ability to manage risk and achieve objectives.
o Understand your organization’s internal stakeholders.
o Understand your organization’s governance structure.
o Understand your organization’s capabilities.
o Understand your organization’s culture.
o Understand your organization’s standards.
o Understand your organization’s contracts.
5.4 CARRY OUT YOUR ORGANIZATION’S RISK ASSESSMENT PROCESS
5.6 MONITOR AND REVIEW YOUR RISK MANAGEMENT PROCESS