The world is changing at a rapid pace and uncertainty has become a daily reality. Just think about the corona crisis, economic conflicts and stricter environmental requirements. The way organisations deal with those uncertain factors determines their success. Or in other words: the better you manage risks, the better you perform.
That sounds simple enough, but that’s not always the case. Luckily, we can rely on ISO 31000, the international standard for risk management. This standard allows you to boost your results and reputation in the long run. Why? ISO 31000 is not only a basis for risk analysis, it also helps you to spot opportunities.
Uncertain elements – or risks – can have a positive impact on achieving your goals. If you know how to become a risk-aware organisation, you’ll gain a competitive edge!
Risk managers still remain mostly on the sidelines when it comes to key decision-making. ISO 31000 should help them to turn risk management into an integral part of the organisation, at both operational and strategic levels.
Purchase NBN ISO 31000:2018 Risk management - Guidelines from NBN. The standard is available in English, Dutch and French.
ISO 31000 offers companies and other organisations guidelines to integrate risk-aware decision-making into their governance, planning, reporting, policies, values and culture. It's an open, principle-based system, which makes the standard suitable for any context. The international standard is intended both for risk management at corporate level and for the management of strategic and operational risks in daily operations or projects.
ISO 31000 was revised in 2018, almost 10 years after its first publication in 2009. Because of that revision, the standard is now completely in line with the current market situation and takes new challenges for organisations into account. Some examples: the increasing complexity of economic systems and emerging risks, such as digital currencies and cyber criminality.
Important: the concept of risk management (and risk assessment), as described in ISO 31000, was important input for the new generation of risk-based management standards, such as ISO 9001 (quality management), ISO 14001 (environmental management) and ISO 45001 (occupational health and safety).
With the High-Level Structure (HLS) all management standards possess the same basic structure, definitions and concepts. Risk management plays a crucial part in this. The result: if you know what ISO 31000 is about, you’ll be able to apply management standards more efficiently.
The definition of risk according to ISO 31000 is ‘the effect of uncertainty on your goals’, so risk management is basically an instrument to manage threats (negative effects) and to benefit from opportunities (positive effects). This should lead to improved performance of your organisation, project, product or service. In short: the main objective of ISO 31000 is to create and protect value.
These 8 principles of ISO 31000 support the main objective:
The main benefits of good risk management based on ISO 31000:
Everyone who contributes to risk management within their organisations can benefit from ISO 31000, so not only professional risk managers, but also:
With the standard IEC 31010, the perfect addition to ISO 31000, you create a practical, sustainable and easily understandable evaluation process.
ISO 31000 is not a management standard in the strict sense, because the standard includes guidelines (not requirements) for a management system. The consequence: contrary to ISO 9001 or ISO 14001, you can’t get your organisation certified for ISO 31000. However, individual professionals can obtain a personal certification.
A certification is objective, written proof that you completely master the methodologies, guidelines and approach from ISO 31000. If you pass the PECB exam, you receive a certification from the internationally accredited certification institution PECB.
In Belgium, you can obtain a certification via the Global Network for Independent Certification (GNIC). Together with NBN, GNIC regularly organises courses and exams that offer risk managers the chance to improve their skills.
With a certification to your name, your career will take a leap forward. This recognition proves that you’re trained to protect organisations from risks and spot opportunities. An asset that inspires confidence from many different stakeholders.
Nowadays, the importance of risk analysis is a common theme in various standardisation commissions. For example, in the commission that is responsible for ISO 19011, the standard for internal and external auditing of management systems. Even more, risk-based thinking is one of the 7 main principles for auditing management systems in the latest version of ISO 19011. The core ideas of this principle are directly linked to ISO 31000.
Traditional audit methods take procedure compliance as a benchmark. Risk-based auditing, however, gives more attention to achieving business goals and a proactive approach towards them. This new audit focus is gaining traction. The result: if you conduct audits for management standards, such as ISO 9001 (quality management) or ISO 14001 (environmental management), the auditor will definitely take a closer look at your risk management within those areas. Knowledge of the guidelines from ISO 31000 is a big plus in that respect.
To take your risk management to the next level, you can also count on these standards to complement ISO 31000:
Purchase the standard in the NBN e-shop. That way, you’ll immediately get an overview of all requirements for good risk management.