The new international standard on risk management ISO 31000



ISO 31000 is a suite of standards relating to risk management created by the International Organization for Standardization. ISO 31000 provides principles and guidelines on risk management and was first created in 2009. The principles and guidelines are not developed for any particular industry group, management system or field of endeavour, but rather provide best practice guidance to any organisation or operation concerned with risk management.

In February 2018, the new ISO 31000:2018 was released, and it was recently adopted by Australian standards in October.

One of the main changes in thinking in the new standard is how risk is defined: risk is now considered “the effect of uncertainty on objectives” and no longer just “the chance or possibility of loss”. As a result, the word “risk” now refers to positive consequences of uncertainty as well as negative ones. The updated standard provides more strategic guidance than its predecessor and places more emphasis on both the involvement of senior management and the integration of risk management into the organisation.

The standard suggests that the purpose of risk management is the creation and protection of value: it improves performance, encourages innovation and supports the achievement of objectives. The document outlines eight risk management principles, five of which refer to how a risk management system should be designed and planned, and a further three of which relate to the operation of a risk management system. An effective risk management system requires the elements shown in the figure below (figure not reproduced here):



Why are these standards important?

The purpose of risk management is essentially to identify potential problems before they occur so that risk handling activities can be planned and put in place to mitigate the adverse impacts should the potential situation arise.

Many business owners have done this instinctively, relying on gut instinct or their past experience. As businesses and organisations grow and become more sophisticated, a more logical, systematic and articulated approach is required. Indeed, risk management is an integral component of the corporate governance framework that is expected in today’s business environment. ISO 31000:2018 is the guideline for you to consider.

Should you have any questions in relation to the above, or in relation to other ISO standards, please contact your engagement partner on 02 9283 1666.