Risk Management Principles

As mentioned in the earlier Risk Terminology article, the purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives.

ISO 31000:2018, “Risk Management – Guidelines”, describes eight principles that characterize effective and efficient risk management, communicate its value, and explain its intention and purpose.

These principles are the foundation for managing risk and should be considered when establishing your risk management framework and processes (see the other risk management articles in this newsletter issue). They should enable an organization to manage the effects of uncertainty on its objectives.

1. Integrated
Risk management is an integral part of all organizational activities.

2. Structured and comprehensive
A structured and comprehensive approach to risk management contributes to consistent and comparable results.

3. Customized
The risk management framework and process are customized and proportionate to the organization’s external and internal context related to its objectives.

4. Inclusive
Appropriate and timely involvement of stakeholders enables their knowledge, views, and perceptions to be considered. This results in improved awareness and informed risk management.

5. Dynamic
Risks can emerge, change, or disappear as an organization’s external and internal context changes. Risk management anticipates, detects, acknowledges, and responds to those changes and events in an appropriate and timely manner.

6. Best available information
The inputs to risk management are based on historical and current information as well as on future expectations. Risk management explicitly takes into account any limitations and uncertainties associated with such information and expectations. Information should be timely, clear, and available to relevant stakeholders.

7. Human and cultural factors
Human behavior and culture significantly influence all aspects of risk management at each level and stage.

8. Continual improvement
Risk management is continually improved through learning and experience.

ISO 31000:2018
See ISO 31000:2018, “Risk Management – Guidelines”, for more details on establishing a risk management program. You can order the standard at this ISO web page for about $90.