ISO 31000 Risk Management

ISO 31000 is the formal recognition of ERM by the international standards organization.
ISO 31000, ‘Risk management – Principles and guidelines’, provides a reference framework that organizations can use to design, build, implement and audit their ERM.
VISION ISO provides ISO 31000 consulting and implementation support.

This includes:
– Understanding organization context
– Enterprise risk mapping
– Prioritizing risk
– Risk assessment
– Risk management options
– Risk dashboard
– Control enforcement
– Policy/documentation support
– Training
– Coaching chief risk officers
– Coaching teams/employees
– Internal audit and management review

The risk management process involves:

Establishing Context

This includes an understanding of the current conditions in which the organization operates, in its internal, external and risk management contexts.

Identifying Risks

This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.

Analyzing/Quantifying Risks

This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.

Integrating Risks

This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.

Assessing/Prioritizing Risks

This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.

Treating/Exploiting Risks

An evaluation of your current capabilities against the standard.

Monitoring and Reviewing

This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.