Properly implemented risk management is as much about identifying opportunities as potential losses.
NSAI Risk Management Standards Committee NSAI/TC 30
What is ISO 31000 and how does it differ from existing guidelines?
ISO 31000 differs from existing guidelines on the management of risk in that it shifts the emphasis from the uncertainty of something happening (an event) to the effect of uncertainty on achieving objectives. Implementing risk management in line with ISO 31000 will increase the likelihood of achieving objectives, improve an organization's ability to identify opportunities and threats, and provide a reliable basis for informed decision making and planning.
ISO 31000:2018 sets out terms and definitions, principles, a framework and a process for managing risk. It is important that the 11 principles of the standard are used as a guiding set of rules for organizational boards and top management in developing their framework and processes for managing risk.
The risk management framework provides the foundations and organizational arrangements for designing, implementing and reviewing risk management in an organization. The overarching component of the framework is the mandate and commitment of the board or top management. Critically, the standard requires that the organization ensures there is accountability and responsibility for the management of risk by identifying risk owners (accountable for their decisions or lack of decisions) as distinct from those who are responsible for implementing the decisions of the risk owner. The framework also sets out how management of risk is to be incorporated into the "way of doing things" so that it becomes an integral part of how the organization is managed rather than an "add on" activity.
The risk management process deals more with the specifics of risk identification, analysis and evaluation as well as risk treatment. In both the framework and process stages, the importance of communication and consultation, as well as monitoring and review, is stressed. This is to ensure that relevant information is available to the appropriate people and that planned reviews are carried out to monitor the effectiveness of the risk management system.
Development of ISO 31000 and NSAI involvement
- NSAI participated in the development of ISO 31000. National risk management experts monitored and commented on the development of the international standard through the work of the NSAI Risk Management Standards Committee (NSAI/TC 30).
- ISO 31000 is the product of over four years' consultation with risk management experts and standard developers in over 30 countries and marks a significant step in providing an international benchmark for risk management.
- ISO 31000 provides a common approach for managing different types of risk, irrespective of the organization's size, type, complexity, structure and location. It is intended to meet the needs of a wide range of stakeholders from executive management who develop risk management policies to risk analysts, line managers and project managers who implement and apply risk management policies and plans etc.
As I.S. ISO 31000:2018 is a guidance standard and is not intended for certification purposes, implementing it does not address specific or legal requirements of risk assessment and management.
Where can I purchase standards on Risk Management?
Purchase Risk Management and other standards on the NSAI webstore www.standards.ie or contact the sales team on +353 1 857 6730 / email info@standards.ie.
Get in Touch
For any queries in relation to Risk Management Standards please contact:
NSAI / TC 30 Technical Secretary
Email: standards@nsai.ie