ISO 31000 as an Enterprise Risk Management Standard

ISO 31000 is 23 pages long, but these pages provide an entry level Enterprise Risk Management (ERM) guideline.

Why is this important?

An organization develops ISO 31000 ERM capabilities to provide a structured, consistent, disciplined, and achievable approach to risk management that facilitates Risk Based Thinking throughout the organization. Risk Based Thinking is composed of 1. Risk based, problem solving (RB – PS) and 2. Risk based, decision making (RB –DM). Both RB – PS and RB – DM are the basis for all management and supervision. We discuss this in our new book: ISO 31000: Enterprise Risk Management.

Interestingly, we wrote a 230 page book packed with loads of information for a 23 page standard.   And oh by the way, we could have written another 200 pages.

ISO 31000 GAME CHANGERS

ISO 31000 ERM is a game changer for companies. Why?

• ERM enables executive management to identify and prioritize strategic goals and strategic risks.
• ERM promotes a risk aware culture that identifies investment opportunities.
• ERM provides the organization the means to align risk strategy, processes, technology, people, and knowledge for the purpose of identifying, assessing, and managing uncertainties in the execution of its risk vision and mission critical objectives.
• ERM allows for a consistent, repeatable, and scalable approach across the organization and into the supply chain.
• ERM enables the organization to more effectively and efficiently manage enterprise risks.
• ERM enables executive management to consider tradeoffs between risks, pursue opportunities (upside risk), determine associated costs, and balance value creation across the enterprise.
• ERM processes provide actionable steps for the organization to make its ISO 31000 risk management process more capable and mature.
• ERM enables risk owners to identify and assess risks and evaluate their impact on the organization’s ability to achieve its mission critical objectives.
• ERM develops and implements an effective ISO 31000 risk management framework and risk management process across the enterprise to enhance stakeholder value.
• ERM involves architecting, designing, implementing, and assuring policies, processes, capabilities, and responsibilities to identify key risks and effectively treat the risks within the organization’s risk appetite.

Note: ISO 31000 is becoming a critical document for all ISO standards.  The last ISO 31000 iteration was developed in 2009.  There will be a revision coming out in 2016 ro 2017.  Stay tuned….