ISO 31000 - Risk management

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.

ISO 31000:2009

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
ISO 31000 cannot be used for certification purposes, but it does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.

Related Standards

A number of other standards also relate to risk management.

Useful articles

The risk management toolbox

by Maria Lazarte & Sandrine Tranchard

Organizations can now benefit from a well-stocked toolbox for risk management featuring:
• ISO 31000:2009, Risk management – Principles and guidelines
• ISO Guide 73:2009, Risk management vocabulary
• ISO/IEC 31010:2009, Risk management – Risk assessment techniques.

Risk management - New work reinforces a solid toolbox

by Kevin W. Knight AM

One could argue that the global financial crisis was caused by a failure of management rather than a failure of risk management. Those organizations whose boards promoted an effective risk management culture passed through the crisis relatively unscathed – the banking and finance industry in Australia and Canada being two examples.

Get ready, set, go! - Managing disruptions in emergency situations

by Kevin W. Knight AM

Effective responses to a frequently wide range of disruption-related risks require a concerted approach to the management of emergency preparedness.

Are you in control of your records?

Business information, once totally paper-based, is now distributed in millions of digital records and e-mails that make up an organization's data. Companies spend a tremendous amount of time and money managing business databases and other corporate records so they can control their activities, improve their operations and demonstrate compliance with the law. But what happens when documents are misfiled, databases damaged, or even worse, deleted? Time to prepare for the worst-case scenario.

Help at hand for risk management with ISO/TR 31004

After the success of ISO 31000 on the management of risk, a new technical report joins the family. The new ISO/TR 31004:2013, Risk management - Guidance for the implementation of ISO 31000, will help organizations smoothly align their risk management practices to ISO 31000.