ISO 31000:2009 sets out principles, a framework and a process for the management of risk that are applicable to any type of organization in public or private sector. It does not mandate a "one size fits all" approach, but rather emphasises the fact that the management of risk must be tailored to the specific needs and structure of the particular organization.
ISO 31000 is designed to help organizations:
- Increase the likelihood of achieving objectives
- Encourage proactive management
- Be aware of the need to identify and treat risk throughout the organization
- Improve the identification of opportunities and threats
- Comply with relevant legal and regulatory requirements and international norms
- Improve financial reporting
- Improve governance
- Improve stakeholder confidence and trust
- Establish a reliable basis for decision making and planning
- Improve controls
- Effectively allocate and use resources for risk treatment
- Improve operational effectiveness and efficiency
- Enhance health and safety performance, as well as environmental protection
- Improve loss prevention and incident management
- Minimize losses
- Improve organizational learning
- Improve organizational resilience.
ISO 31000 and ISO Guide 73 can be applied to any public, private or community enterprise, association, group or individual. The documents will be useful to:
>Those responsible for implementing risk management within their organizations
>Those who need to ensure that an organization manages risk
>Those needing to evaluate an organization' practices in managing risk
>Developers of standards, guides procedures and codes of practice relating to the management of risk.
