RISK TOPIC 2: ISO 31000
According to ISO 31000, risk is the "effect of uncertainty on objectives",
and an effect is a positive or negative deviation from what is expected.
Risk management refers to a coordinated set of activities and
methods that is used to direct an organization and to control
the many risks that can affect its ability to achieve its objectives.
Risk management also refers to the architecture that is used to manage
risk. This architecture includes risk management principles, a risk
management framework, and a risk management process.
Risk management framework
A risk management framework is a set of components that support and sustain risk management throughout an organization.
These components include your risk
management policy, objectives, mandate, and commitment.
They also include the plans, relationships, accountabilities, resources, processes, and activities you use to manage your organization's risk.
Risk management policy
A risk management policy defines a general commitment, direction, or intention. A risk management policy statement expresses an organization's commitment to risk management and clarifies its general direction or intention.
An organization's risk attitude defines its general approach to risk.
Risk attitudes influence how risks are assessed and addressed: an organization's attitude towards risk influences whether or not risks are taken, tolerated, retained, shared, reduced, or avoided, and whether or not risk treatments are implemented or postponed.
Risk management plan
A risk management plan describes how an organization intends to manage risk.
It describes the management components, the approach,
and the resources that will be used to manage risk.
Management components include procedures, practices, responsibilities, and activities
(including their sequence and timing).
A risk owner is a person or entity that has been given the authority
to manage a particular risk and is accountable for doing so.
Risk management process
A risk management process is one that
systematically applies management policies, procedures, and practices to a set of activities intended to establish the context, communicate and consult with stakeholders, and identify, analyze, evaluate, treat, monitor, and review risk.