Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.
ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.
Featured in the ISO Store box above, there are a number of other standards also relate to risk management.
Evidence reveals that only half of all small and medium-sized enterprises (SMEs) make it beyond their fifth year, suggesting that running a successful business requires managing risks effectively. Making a commitment to better understand and manage risk is therefore key to helping SMEs survive and grow sustainably.