Last Release of International Risk Management Guideline

ISO 31000 : 2018 – Last Release of International Risk Management Guideline

Risk is a necessary part of doing business, and in a world where enormous amounts of data are being processed at increasingly rapid rates, identifying and mitigating risks is a challenge for any company. It is no wonder then that many contracts and insurance agreements require solid evidence of good risk management practice. ISO 31000 is the internationally recognized guideline that provides direction on how companies can integrate risk-based decision making into an organization’s governance, planning, management, reporting, policies, values and culture. It is an open, principles-based system, meaning it enables organizations to apply the principles in the standard to the organizational context.
ISO 31000 is applicable to all organizations, regardless of type, size, activities and location, and covers all types of risk. It was developed by a range of stakeholders and is intended for use by anyone who manages risks, not just professional risk managers. All ISO standards are reviewed every five years and then revised if needed. This helps ensure they remain relevant, useful tools for the marketplace. A revised version of ISO 31000 was already published in 2018 to take into account the evolution of the market and new challenges faced by businesses and organizations since the standard was first released in 2009. One example of this is the increased complexity of economic systems and emerging risk factors such as digital currency, both of which can present new and different types of risks to an organization on an international scale.


ISO 31000:2018 provides more strategic guidance than the 2009 version and places more emphasis on both the involvement of senior management and the integration of risk management into the organization. This includes the recommendation to develop a statement or policy that confirms a commitment to risk management, assigning authority, responsibility and accountability at the appropriate levels within the organization and ensuring that the necessary resources are allocated to managing risk. The revised standard now also recommends that risk management be part of the organization’s structure, processes, objectives, strategy and activities. It places a greater focus on creating value as the key driver of risk management and features other related principles such as continual improvement, the inclusion of stakeholders, being customized to the organization and consideration of human and cultural factors. The content has been streamlined to reflect an open systems model that regularly exchanges feedback with its external environment in order to fit a wider range of needs and contexts. The key objective is to make things clearer and easier, using plain language to define the fundamentals of risk management in a way that the reader will find easier to comprehend. The terminology is now more concise, with certain terms being moved to ISO Guide 73, Risk management – Vocabulary, which deals specifically with risk management terminology and is intended to be used alongside ISO 31000. Work has commenced on a terminology standard and implementation handbook to further enhance the understanding and applicability of the standard.


The Risk Management Guideline helps organizations to develop a risk management strategy to effectively identify and mitigate risks, thereby enhancing the likelihood of achieving their objectives and increasing the protection of their assets. Its overarching goal is to develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk. Implementing ISO 31000 also helps organizations see both the positive opportunities and negative consequences associated with risk, and allows for more informed, and thus more effective, decision making, namely in the allocation of resources. What’s more, it can be an active component in improving an organization’s governance and, ultimately, its performance. TC2, as an inspection and verification body, can support your company in reviewing its risk management strategy and assessing your identified risks and the relevant mitigation plans in place to reduce them.