
ISO 31000 Risk Analysis Guidelines

Date post: 28-Apr-2015
Upload: arun-chopra
Description:
guidelines to risk analysis

AS/NZS ISO 31000:2009

This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee OB-007, Risk Management. It was approved on behalf of the Council of Standards Australia on 6 November 2009 and on behalf of the Council of Standards New Zealand on 16 October 2009. This Standard was published on 20 November 2009.

The following are represented on Committee OB-007:
Australian Computer Society
Commerce Commission New Zealand
Committee IT-012
Department of Education and Early Childhood Development Victoria
Emergency Management Australia
Engineers Australia
Environmental Risk Management Authority New Zealand
Financial Services Institute of Australia
The Institute of Internal Auditors – Australia
Institution of Professional Engineers New Zealand
International Association of Emergency Managers
La Trobe University
Law Society of New South Wales
Massey University
Minerals Council of Australia
Ministry of Economic Development (New Zealand)
New Zealand Society for Risk Management
Risk Management Institution of Australasia
The University of New South Wales
University of Canterbury New Zealand

Keeping Standards up-to-date

Standards are living documents which reflect progress in science, technology and systems. To maintain their currency, all Standards are periodically reviewed, and new editions are published. Between editions, amendments may be issued. Standards may also be withdrawn. It is important that readers assure themselves they are using a current Standard, which should include any amendments which may have been published since the Standard was purchased.

Detailed information about joint Australian/New Zealand Standards can be found by visiting the Standards Web Shop at www.saiglobal.com.au or Standards New Zealand web site at www.standards.co.nz and looking up the relevant Standard in the on-line catalogue.

For more frequent listings or notification of revisions, amendments and withdrawals, Standards Australia and Standards New Zealand offer a number of update options. For information about these services, users should contact their respective national Standards organization.

We also welcome suggestions for improvement in our Standards, and especially encourage readers to notify us immediately of any apparent inaccuracies or ambiguities. Please address your comments to the Chief Executive of either Standards Australia or Standards New Zealand at the address shown on the back cover.

This Standard was issued in draft form for comment as DR 09063.

AS/NZS ISO 31000:2009

Risk management—Principles and guidelines

COPYRIGHT

© Standards Australia/Standards New Zealand

All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher.

Jointly published by Standards Australia, GPO Box 476, Sydney, NSW 2001 and Standards New Zealand, Private Bag 2439, Wellington 6140

ISBN 0 7337 9289 8

Originated as AS/NZS 4360:1995. Third edition 2004. Revised and redesignated as AS/NZS ISO 31000:2009.

PREFACE

This Standard was prepared by Joint Standards Australia/Standards New Zealand Committee OB-007, Risk Management to supersede AS/NZS 4360:2004, Risk management.

When AS/NZS 4360:1999 was revised in 2004 (as part of a routine five yearly revision), it was decided by the Joint Australian/New Zealand Committee OB-007 that rather than undertake a similar revision in 2009, Standards Australia and Standards New Zealand would promote the development of an international standard on risk management which would then be adopted.

In 2005 the International Organization for Standardization (ISO) established a working group to develop the first international risk management standard using AS/NZS 4360:2004 as the first draft. The standard development process included extensive public consultation in Australia and New Zealand and resulted in the publication of ISO 31000:2009.

The main variations to AS/NZS 4360:2004, as outlined in the Introduction, are as follows:
(a) Risk is now defined in terms of the effect of uncertainty on objectives.
(b) The principles that organizations must follow to achieve effective risk management have now been made explicit.
(c) There is much greater emphasis and guidance on how risk management should be implemented and integrated into organizations through the creation and continuous improvement of a framework.
(d) An informative Annex describes the attributes of enhanced risk management and recognizes that while all organizations manage risk in some way and to some extent this may not always be optimal.

The process described for managing risk is identical to that in AS/NZS 4360:2004.

This Standard is identical with, and has been reproduced from ISO 31000:2009, Risk management—Principles and guidelines. Minor changes have been made to the Introduction to address the application of the Standard in Australia and New Zealand.

As this Standard is reproduced from an International Standard, the following applies:
(i) Its number does not appear on each page of text and its identity is shown only on the cover and title page.
(ii) In the source text ‘this International Standard’ should read ‘this Australian/New Zealand Standard’.

The term ‘informative’ is used to define the application of the annex to which it applies. An informative annex is only for information and guidance.

CONTENTS

1 Scope
2 Terms and definitions
3 Principles
4 Framework
4.1 General
4.2 Mandate and commitment
4.3 Design of framework for managing risk
4.3.1 Understanding of the organization and its context
4.3.2 Establishing risk management policy
4.3.3 Accountability
4.3.4 Integration into organizational processes
4.3.5 Resources
4.3.6 Establishing internal communication and reporting mechanisms
4.3.7 Establishing external communication and reporting mechanisms
4.4 Implementing risk management
4.4.1 Implementing the framework for managing risk
4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
5 Process
5.1 General
5.2 Communication and consultation
5.3 Establishing the context
5.3.1 General
5.3.2 Establishing the external context
5.3.3 Establishing the internal context
5.3.4 Establishing the context of the risk management process
5.3.5 Defining risk criteria
5.4 Risk assessment
5.4.1 General
5.4.2 Risk identification
5.4.3 Risk analysis
5.4.4 Risk evaluation
5.5 Risk treatment
5.5.1 General
5.5.2 Selection of risk treatment options
5.5.3 Preparing and implementing risk treatment plans
5.6 Monitoring and review
5.7 Recording the risk management process
Annex A (informative) Attributes of enhanced risk management
Bibliography

INTRODUCTION

Organizations of any kind face internal and external factors and influences that make it uncertain whether, when and the extent to which they will achieve or exceed their objectives. The effect this uncertainty has on the organization’s objectives is “risk”.

All activities of an organization involve risk. Organizations manage risk by anticipating, understanding and deciding whether to modify it. Throughout this process they communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk.
This Standard describes this systematic and logical process in detail.

This is a new standard for managing risk that supersedes AS/NZS 4360:2004. It builds upon the processes contained in the superseded standard.

While all organizations manage risk to some degree, this Standard establishes a number of principles that need to be satisfied before risk management will be effective. This Standard recommends that organizations should have a framework that integrates the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.

Risk management can be applied across an entire organization, to its many areas and levels, as well as to specific functions, projects and activities.

Although the practice of risk management has been developed over time and within many sectors to meet diverse needs, the adoption of consistent processes within a comprehensive framework helps ensure that risk is managed effectively, efficiently and coherently across an organization. The generic approach described in this Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.

The relationship between the principles for managing risk, the framework in which it occurs and the risk management process described in this Standard is shown in Figure 1.

When implemented and maintained in accordance with this Standard, the management of risk enables all organizations to, for example—
(a) increase the likelihood of achieving objectives;
(b) encourage proactive management;
(c) be aware of the need to identify and treat risk throughout the organization;
(d) improve the identification of opportunities and threats;
(e) achieve compatible risk management practices between organizations and nations;
(f) comply with relevant legal and regulatory requirements and international norms;
(g) improve financial reporting;
(h) improve governance;
(i) improve stakeholder confidence and trust;
(j) establish a reliable basis for decision making and planning;
(k) improve controls;
(l) effectively allocate and use resources for risk treatment;
(m) improve operational effectiveness and efficiency;
(n) enhance health and safety performance as well as environmental protection;
(o) improve loss prevention and incident management;
(p) minimize losses;
(q) improve organizational learning; and
(r) improve organizational resilience.

This Standard is intended to meet the needs of a wide range of stakeholders including—
(i) those accountable for achieving objectives and therefore ensuring that risk is effectively managed within the organization as a whole or within a specific area, project or activity;
(ii) those responsible for developing risk management policy within their organization;
(iii) those who need to evaluate an organization's effectiveness in managing risk; and
(iv) developers of standards, guides, procedures, and codes of practice that in whole or in part set out how risk is to be managed within the specific context of these documents.

Organizations with existing risk management processes can use this Standard to critically review, align and improve their existing practices. Those whose risk management framework has been based on AS/NZS 4360:2004 will thereby benefit from the additional concepts and practices in this Standard.

In this Standard, the expressions “risk management” and “managing risk” are both used. In general terms, “risk management” refers to the architecture (principles, framework and process) for managing risks effectively, and “managing risk” refers to applying that architecture to particular risks.

[Figure 1 labels]

Principles (Clause 3): a) Creates value; b) Integral part of organizational processes; c) Part of decision making; d) Explicitly addresses uncertainty; e) Systematic, structured and timely; f) Based on the best available information; g) Tailored; h) Takes human and cultural factors into account; i) Transparent and inclusive; j) Dynamic, iterative and responsive to change; k) Facilitates continual improvement and enhancement of the organization

Framework (Clause 4): Mandate and commitment (4.2); Design of framework for managing risk (4.3); Implementing risk management (4.4); Monitoring and review of the framework (4.5); Continual improvement of the framework (4.6)

Process (Clause 5): Communication and consultation (5.2); Establishing the context (5.3); Risk assessment (5.4), comprising Risk identification (5.4.2), Risk analysis (5.4.3) and Risk evaluation (5.4.4); Risk treatment (5.5); Monitoring and review (5.6)

Figure 1 — Relationships between the risk management principles, framework and process

Risk management — Principles and guidelines

1 Scope

This International Standard provides principles and generic guidelines on risk management. This International Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this International Standard is not specific to any industry or sector.

NOTE For convenience, all the different users of this International Standard are referred to by the general term “organization”.

This International Standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

This International Standard can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although this International Standard provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that this International Standard be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

This International Standard is not intended for the purpose of certification.

2 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

2.1 risk
effect of uncertainty on objectives

NOTE 1 An effect is a deviation from the expected — positive and/or negative.

NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).

NOTE 3 Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.

NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.

