Risk Management with ISO 31000:2018 - Advanced Level

Knowing and understanding ISO 31000 is a good start, but people often struggle to translate these guidelines into action and implementation in their organisation. They work hard at building a comprehensive ERM system that creates and protects value for the organisation, but with varying success.


Learning objectives of this course

In this 5-day interactive course, you will learn and practice how to develop the ISO 31000 framework to fit your needs and desires. You will discover how to match the ISO 31000 process with the governing practices in your organisation. You will build your own policies, plans and procedures to integrate risk management into operational processes at all levels of the organisation, and learn how to tie these into and align them with the practices already present in your organisation. You go home with inspiration for immediate action, insofar as these plans are within the scope of your mission and under your control.

During these five days, you will work on your own case to produce the policies, plans and procedures needed to implement ISO 31000 successfully and to obtain its benefits. You will be inspired by your fellow participants, general examples and the various models used to make this work.



Program: The program is tailored to the needs of the participants and focuses on the elaboration of the ISO 31000 framework, adapted (customised) to the participants' specific situation and input.


  • Introduction and overview of the course
  • Refresher of the ISO 31000 standard, including the changes that were introduced in the 2018 version.
  • The components and deliverables of the ISO 31000 Risk Management Framework
    • Leadership and commitment
    • Integration
    • Design
    • Implementation
    • Evaluation
    • Improvement
  • Leadership & Commitment
    • Alignment (Vision, Mission & Ambition, Values, Strategy, Processes, Behaviour, …)
    • (Corporate) Risk attitude & Risk criteria
  • An integrated corporate policy document
  • Integration
    • Corporate context
    • Risk ownership & delegation
    • Corporate decision making & structure
    • Internal and external relationships
  • Connecting risk management and decision making throughout the organisation
  • Design
    • The organisation and its context (internal & external)
    • Risk management commitment
    • Roles, authorities, responsibilities and accountabilities
    • Required resources
    • Approach towards communication & consultation
  • Risk Management Plan
  • Implementation
    • Actual situation vs Desired situation (Gap analysis)
    • Required modifications, additions, removals, …
    • Timing & resources
  • Risk Management Implementation plan
  • Evaluation
  • Improvement
  • ISO 31000 Framework test


Target audience

This training is addressed to managers and consultants with a basic knowledge of ISO 31000 (whether or not demonstrated by a certificate) and is ideal for:

  • Risk managers responsible for developing and improving risk management in their organization;
  • Consultants who assist companies in their development;
  • Users of other management standards seeking to integrate risk management;
  • SME managers, management and strategic staff;
  • Internal and external auditors working with ISO 31000;
  • Every person who wants to integrate risk management into their organization, into daily decision-making and at all levels of the organization.


Prerequisites to follow this course

Knowledge of the ISO 31000 standard:

  • 2009 and/or 2018 versions. If possible, proven by an appropriate certificate.

Familiarity with your own organisation:

  • Organisational objectives, values and convictions (what is important and valuable for the organisation and its essential stakeholders)
  • Organisational structure, decision making and delegation
  • Current risk management practices
  • Available resources



In cooperation with NBN, a GNIC (Global Network for Independent Certification) ISO 31000 implementor certification (CRMIP) will be earned when participants comply with the following:

Obtain at least 75% for the ISO 31000 Framework test (40 questions in 1 hour)

Hand in the following documents for evaluation:

  • a concise corporate policy document
  • a concise risk management plan, including
    • an articulated risk management commitment
    • performance indicators
    • an (approved) approach to communication and consultation
  • a concise risk management implementation plan, including
    • a concise overview of functions & decision making processes
    • an estimate of timeline and resources
    • arrangements on how to adapt and continually improve


Meet the trainer

Peter Blokland is affiliated with the Delft University of Technology (TU Delft) and the University of Antwerp. He specializes in risk management according to the ISO 31000 standard and gives several courses on this at the NBN Academy.

NBN Academy

The NBN Academy assists organisations in understanding and applying standards. The NBN Academy is part of NBN (Bureau for Standardisation). It organises open trainings as well as in-company training on management standards. NBN is the single point of contact in Belgium for anyone wishing to develop or buy standards, or to follow training in applying management standards.

