ISO 31000:2018 aims at providing a guideline for decision makers with regards to risk management. It can be used by any organization regardless of its size, activity or sector. For a better understanding of the concept of risk management in ISO31000:2018, it is important to consider the three fundamental pillars: the principles, the framework and the risk management process (website of ISO 31000).
Principles
Aims to create and protect value in line with organization’s objectives and mandate. For risk management to be effective, an organization should at all levels comply with a different set of principles. The standard stresses on the importance of nice principles that need to be satisfied.
Framework
Components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization.
Risk Management Process
The risk management process aids in the systematic application of management policies, procedures and practices with regards to the activities of communicating, consulting, establishing the context, assessment, treating, monitoring and reviewing risk.