The principles aim to create and protect value in line with the organization’s objectives and mandate. For risk management to be effective, an organization should comply with a set of principles at all levels. The standard stresses the importance of eight principles that need to be satisfied, as follows:


Risk management should be integrated into the main activities and processes of the organization. It is not a stand-alone activity, and should be part of the management’s responsibilities and an integral part of all organizational processes, including strategic planning and all project and change management processes.


The organization’s internal and external context, as well as risk profile, should be considered in the design and implementation of risk management. Based on the scope, goals and context of the organization, risk management can be customized accordingly.

Structured and Comprehensive

Delivering consistent, comparable and reliable results efficiently depends on a structured, systematic and timely approach to risk management. The approach should display the developed steps, dependencies, and the associated flows.


Relevant and up-to-date risk management depends on timely and appropriate involvement of stakeholders and decision makers at all levels of the organization. This allows the proper representation of stakeholders by taking their views into consideration in determining risk criteria.


The dynamic aspect of risk management requires continuously sensing and responding to change. As internal and external events occur, knowledge and context change, and review and monitoring of risks take place. This can result in the emergence of new risks and the change or disappearance of others.

Based on best available information

The proper management of risks requires accurate inputs based on information sources such as observations, historical data, and expert judgment. However, the stakeholders and decision-makers should take into account any limitations of the models and data used in the management of risks.

Consideration of human and cultural factors

Risk management should recognize the intentions, capabilities, and perceptions of internal and external people, which can hinder or facilitate the fulfillment of the organization’s objectives.

Continuously Improved

Organizations should design and implement strategies and measures to improve their risk management maturity in parallel with all other aspects of the organization. These development and implementation strategies should fulfill the requirements of core stakeholders.