ISO 31000:2009, “Risk management – Principles and guidelines,” is the essential standard on enterprise risk management (ERM). Adopted by a number of countries both as direct adoptions (such as AS/NZS ISO 31000 (Australia) and CAN/CSA ISO 31000 (Canada)) and as embedded adoptions (ANSI/ASSE Z690.2 (United States)), the standard establishes a common framework and reference points for risk.
ISO 31000 grew from the work of Alcoa of Australia in the 1990’s that was the basis of the 1995 release of the AS/NZS 4360 standard, “Risk Management.” The ISO standard is separated into three areas:
1. Risk Management principles (11 principles for managing risk)
2. Risk Management framework (5 components to the framework for managing risk)
3. Risk Management process (5 processes for managing risk)
There are a number of guides written to provide assistance to organizations in the process of adopting this ISO standard.
BS 31100, 2011 Edition from 6/2011, “Risk management. Code of practice and guidance for the implementation of BS ISO 31000,” from the United Kingdom.
Created by UK risk management experts, BS 31100:2011 gives you practical and specific recommendations on how to put the key principles of effective risk management into place in your organization using real life case studies.
HB-158, 2010 Edition, “Delivering assurance based on ISO 31000:2009 – Risk management – Principles and guidelines,” from Australia.
This Handbook is a guide for internal auditors and any other assurance provider such as External auditors; Information system control professionals – internal or external auditors, security professionals; Safety, health and environmental auditors; and Quality auditors.
This Handbook draws on the revised HB 436 and the IIA’s ‘International Professional Practices Framework’ (IPPF) with respect to using and assuring the ISO 31000:2009 risk management process. In particular, it describes how to use the risk management process to:
Develop a risk-based assurance strategy and program;
Plan an assurance engagement;
Report the assurance program; and
Design controls.
CSA Q31001-11, 2011 “Implementation guide to CAN/CSA ISO 31000, Risk management – Principles and guidelines,” from Canada.
Provides principles and generic guidelines on risk management.
All of these documents can be purchased from Document Center Inc. by way of our website, www.document-center.com. Or contact us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com). We’re ready to assist you with any questions you may have.
