Please enable JavaScript.

Coggle requires JavaScript to display documents.

ISO 31000:2018 - Coggle Diagram

- - - - Establishing the context
      - Risk assessment
      - Risk treatment
    - - Establishing the context
        
        Establishing the context includes understanding the internal and external drivers that may affect an organisation's exposure to risk, such as the physical environment, technology, organisational structures and processes
        
        Context also means understanding the types of risk that may affect an organisation and the various assessment and controls tools that are available for use
        
        The aim is to ensure that the organisation understands the range and scope of its objectives and activities, and the risks that are associated with them
      - Risk Assessment
        
        Risk assessment means that an organisation should identify, analyse and evaluate its exposure to all sources of risk to its objectives
        
        Risk assessment may involve the use of statistical models or qualitative judgement
      - Risk treatment
        
        Risk treatment is another term for risk control.
        
        The aim is to ensure that the level of exposure is controlled - not too high or too law
        
        The level of control will be influenced by the risk appetite of an organisation
      - Communication and consultation
        
        This is about communicating risk management information (such as risk management policies and procedures, or risk exposures) in a timely, accurate and factual way
        
        Risk communication includes consulting with key stakeholders to ensure that they understand the risks that an organisation is taking and are satisfied that the organisations approach to managing these risks is appropriate
        
        Communication seeks to promote awareness and understanding of risk and how to deal with it whereas consultation involves obtaining feedback and information to support decision making
      - Recording and reporting
        
        Recording means ensuring that identified risks are documented properly
        
        It also means documenting risk management processes and procedures to ensure that they are understood clearly and implemented coherently across the organisation
        
        Reporting means reporting on an organisation's risk exposures and the measures taken to control these exposures to relevant decision makers and stakeholders
      - Monitoring and review
        
        Monitoring and reviewing is about learning, improving and adapting
        
        The performance of an organisation's risk management framework can vary
        
        If performance declines, changes may be required to maintain the efficiency and effectiveness of the framework
        
        Performance monitoring and review night include activities such as audits, control effectiveness reviews and compliance reviews
        
        ISO 31000 makes it clear that organisations should review and upgrade their risk management activities on a regular basis
        
        Risk and an organisations exposures to risk are never static