Risk Management

ISO31000 Risk Management

We provide ISO31000 consulting and implementation support. Our works includes understanding the organizational context, organizational risk mapping, prioritizing risk, risk assessment, risk management options, risk dashboard, controls review, policy/documentation support, training, training and coaching risk officers, coaching teams/employees, internal audit and management review, amongst others.

We would like to share several things here as food for thought:

  1. ISO31000 does not describe the concept of “risk register”. Yet there seem to be multitudes of types and formats of “risk registers” that people has been using. Does an organization really need a “risk register”? ISO31000 simply prescribes that risks are to be recorded.
  2. Believe it or not, ISO31000 also does not provide a definition of Enterprise Risk Management. The reason is apparent – risk management, if it is part and parcel of an organization’s business processes as it is meant to be, will be more than all-encompassing already.
  3. Yet, there seem to be proliferations of “enterprise risk management” methodologies etc. for which until now, most “enterprise risk management” methods simply led to another layer of bureaucracy or another silo. All sorts of risk positions (which may not necessarily be needed) and entire departments focused on “managing risk” ended up being created. Are these what your organization need?
  4. All these can be unnecessary burden and costs and defeats the purpose of actually integrating risk management into an organization (Principle 4 of the ISO31000).

Our ISO31000 Service Features:

  • Design the Risk Program and Framework
  • Conduct Risk Identification and Assessment Workshop
  • Plan for Treatments
  • Measure Effectiveness and Continuous Improvement
  • Building and Embedding the Risk Culture

ISO31000 may not be well known but its philosophy can be seen across all the popular management system standards that are aligned to ISO’s Annex SL format, such as ISO27001, ISO22301, and ISO9001, ISO14001 and ISO18001 as well.

Our featured partner software solutions: