ISO 31000:2018 Risk Management

Posted by admin on 28 Jan 2024 19:51

In February 2018, the International Standards Organization (ISO) published ISO 31000:2018 Risk Management Guidelines. This standard replaces ISO 31000:2009 Risk Management Principles and Guidelines published in November 2009. This revision is part of the systematic review process applied to all ISO standards.

Risk Management Process According to ISO 31000:2018

According to the ISO 31000:2018 Risk Management Guidelines, the risk management process is the systematic application of policies, procedures, and practices to the following activities: risk communication and consultation; determining the scope, context, and criteria of risk; risk assessment, which consists of risk identification, risk analysis, and risk evaluation; risk treatment; monitoring and review; and recording and reporting.

The risk management process must be an integral part of management and decision-making, integrated into all organizational structures, operations, and processes, and applied at the strategic level, the operational level (both routine and non-routine), and the project level.

An organization may apply the risk management process in many forms, each adapted to ensure the achievement of organizational goals and to align with the organization's external and internal context.

The risk management process must ensure that the dynamics and uncertainties created by human behavior and organizational culture receive adequate and effective attention and handling. Although the explanation above presents the risk management process sequentially, in practice the process runs iteratively.

Implementation of Top-Down and Bottom-Up Risk Management

Risk management can be implemented both top-down and bottom-up. Each implementation cycle begins with a high-level risk interview or discussion in which the organization's management (or, in a company, the Board of Directors and Board of Commissioners) acts as the resource persons, providing strategic views on the organization's external and internal context, organizational goals, and the various risk issues involved.

The context, targets, and risk issues discussed with the organization's management are then cascaded into the entire risk assessment process, which is carried out using a bottom-up approach involving all process owners.

The outputs of the top-down and bottom-up processes are then harmonized, and the results are summarized into a complete and comprehensive company risk profile. After being approved by the organization's management, the risk profile is used as a guide for risk management in the current period and as material for communication and information with various stakeholders.