ISO 31000 Risk Management Overview
ISO 31000 Risk Management – Uncertain Events?
Risk management is the activity that defines the number of uncertain events, positive or not, that can intervene in the process of accomplishing a company’s objectives, so that action can be taken to deal with these threats.
These include the risk of failure of a project under development, natural disasters that could endanger the realization of an objective, unpredictable risks on the financial markets, and other circumstances that we cannot control but can take into consideration and perhaps transfer, reducing their effects. Risk can be managed, calculated and minimized if certain principles and guidelines are taken into consideration.
There are several public institutions that establish methods to cope with uncertainty, define risks and propose methods of calculating the impact they could have on achieving goals. These are the Project Management Institute, the National Institute of Science and Technology, the Federation of European Risk Management Associates (FERMA), actuarial societies, and ISO or The Institute of Risk Management.
The latter is the author of the book ISO 31000 Risk Management, a group of principles that can guide organizations through the process of making decisions that involve risk management. It includes the following publications: ISO 31000:2009 Principles and Guidelines on Implementations, ISO/IEC 31010:2009 Risk assessment Techniques – Risk Management, and finally ISO Guide 73:2009 Risk Management-Vocabulary.
ISO 31000 Risk Management Applicability
ISO 31000 Risk Management is designed to be applied in every sector of activity: engineering, industry, financial portfolios, actuarial assessments and even public health. Whether the organization is private, public or a community enterprise, an individual, a group or an association, and whatever the type of risk, it can be managed through these guidelines, which have been adopted even by the Federation of European Risk Management Associates.
The ISO 31000 Risk Management principles, published on 13th of November 2009, emphasize the importance of reconsidering the administration’s objectives in order to bring them into line with the ones proposed by ISO, the importance of addressing accountability gaps as a part of risk management, and the need for consistent evaluation criteria and metrics for risk. Finally, ISO highlights how important it is to create a reporting mechanism for the management system.
Other ISO 31000 principles state that risk management should anticipate changes and make improvements, should be up to date with information, the most important resource in business today, should structure the unfortunate events and make assumptions, and should take into consideration the human factor in the process of making decisions. The most important role of risk management, however, is to create value, which means that the effort made to eliminate the risk should exceed the consequences of not taking action, or the ratio between the effect and the effort should be higher than one, according to www.wikipedia.org.
ISO 31000 “Risk Management - Implementation guidelines and also principles” establishes the steps to follow while managing risks. In a nutshell, the steps are: determine the risks, quantify each risk together with the consequences involved, analyse the options for dealing with the risk (reducing, transferring, avoiding or retaining the risk), devise the ISO 31000 Risk Management plan, implement the plan and evaluate the results.
