Making ISO Certification Painless and Profitable Since 1992


Jun

Risk ‘Principles’ from ISO 31000

Any worthwhile Standard starts with a set of ‘Principles’. ISO 31000 is no exception. Let’s see if we can tie these Risk Principles into a typical ISO Management System.

Value Creation and Protection is at the core of this section of ISO 31000 and gives it relevance to any business. Without ‘Protection’ an organization is at risk of being caught unaware of possible problems – internal or external (4.1) – and may meet an untimely demise!

    1. Integrated – make risk management part of the culture – you’ll see a requirement in clause 5.1.1 c) for Management to make sure that the requirements of the Standard are integrated into the business processes. This ties in perfectly with this Principle.
    2. Structured and Comprehensive – Much better to have a ‘Framework’ on which to build a Risk Management plan than simply wander around looking for risky situations. The next post will have more details on the ISO 31000 ‘Framework’.
    3. Customized – Each organization is so unique that a ‘cookie-cutter’ approach is dangerous. Even multiple sites within the same organization will have a different set of risks based on its Context (4.1), Interested Parties (4.2), People (7.1.2, 7.2), Infrastructure (7.1.3), Work Environment (7.1.4), Communication (7.3) and Awareness (7.4) to name just a few variables.
    4. Inclusive – include all aspects of the ‘end-to-end’ workflow and all of the people related to the flow (4.4.1 a & b).
    5. Dynamic – risks and opportunities are always changing, and you will benefit from assessing how well you’re managing all aspects related to your organization (Performance Measurement 9.1.3 e) and Management Review 9.3.2 e)).
    6. Best available information – don’t become a victim of ‘paralysis from analysis’. You may never have 100% of the information you’d like to have before you have to make a decision (8.2.3 – review of customer requirements, 9.1.3 – Performance Evaluation, measurement and analysis).
    7. Human and culture factors – a system won’t reduce risk, but people will. This links to 4.1 Context, 7.1.2 People, 7.1.4 Work environment, and most of 5 – Leadership.
    8. Continual Improvement – to reduce surprises: 9.2 Internal Audits, 10.2 Corrective Action, 10.3 Improvement.

That’s the ‘Principles’ section from ISO 31000. There will be more detail about ‘Framework’ and ‘Process’ in the next 2 posts. These ideas will help you get started on your risk management journey, but be sure to get a copy of ISO 31000 if you want more guidance for your activities. All of your efforts will pay you a surprising return on your investment!

Know Quality, Know Profits…No Quality, No Profits

If you’d like to see how we’ve designed our platform to help manage risk, schedule a demo and we’ll see if it can make your ‘ISO life’ simpler and safer!
