ISO 31000 is a generic risk management standard. It was developed by the ISO Technical Management Board Working Group on risk management. The official name of the standard is ISO 31000:2009 Risk management – Principles and guidelines. ISO published this new standard on November 13, 2009.
According to the Introduction to ISO 31000 2009, the term risk management also refers to the architecture that is used to manage risk. This architecture includes risk management principles, a risk management framework, and a risk management process.
Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.
ISO 31000:2009 Risk Management provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.