ISO 31000 is an international standard that provides guidance and a framework for an organisation’s risk management system. It was written to provide generic guidelines, meaning its advice is suitable for any organisation, no matter its size or what it does.
Currently, the standard is undergoing revision, with experts working to update details and provide additional clarity. However, for companies looking to implement or improve a risk management system, there’s no need to wait until the new version is published. In its current form, ISO 31000 offers excellent advice and gives the project a structured and credible foundation. Any changes to the standard can be adopted once they are finalised in 2016.
So, how can you align your risk management system to match the guidelines of ISO 31000? Here are some of our top tips:
1. Understand the principles of risk management
ISO 31000 sets out clearly the underlying principles of risk management. For example, it explains that risk management should be used to both create and protect value. Risk management should also be made part of every process at every level, and it should be a vital part of the decision-making process.
2. Find the right person to head the project
While ISO 31000 points out that risk management should be a responsibility of every manager, there is also a clear need for somebody to take the lead in a company’s risk management initiative.
Speaking at an international conference about ISO 31000, John Fraser, senior vice president of internal audit at Hydro One Networks Inc, described the implementation of the standard as a “journey” and explained that there are three personality types needed to successfully carry out such a project. These are:
- The champion – This is a person “who can break down doors and make it happen.”
- The go-to person – This individual is charismatic and knows all the ins and outs of the organisation.
- The analyst – This person collects and evaluates the data that supports decisions.
3. Create an appropriate structure
Every organisation is different, in terms of size, nature and complexity, which means that there is no one-size-fits-all approach to managing risk. By tailoring your risk management policies to your company, you’ll be better able to identify and analyse various risks and create a system that can be responsive to your particular challenges.
4. Collect data and make decisions based on evidence
Risk management is all about making informed decisions, and ISO 31000 recommends using the best available information sources.
Of course, this applies not only to your actual risk analysis, but also how you implement your risk management system. Be sure to record and review data about the efficacy of your risk management system as this will help you make improvements.
5. Use dedicated software
JCAD CORE risk management software has been designed using the principles of ISO 31000. It provides businesses with a clear framework for managing risk and compliance. It also ensures that there is a clear link to objectives, strategy and projects. What’s more, we are continually improving and updating our software and it will reflect the changes to ISO 31000 once the new standard is published.
If you’d like to learn more about JCAD CORE and how it can help you implement ISO 31000, please contact us today.