First edition 2009-11-15
Risk management -- Principles and guidelines
Management du risque -- Principes et lignes directrices
ISO 31000:2009(E)
ICS 03.100.01
Price based on 24 pages
© ISO 2009. All rights reserved
Risk management -- Principles and guidelines
1 Scope
This International Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this International Standard is not specific to any industry or sector.
For convenience, all the different users of this International Standard are referred to by the general term
activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
negative consequences.
Although this International Standard provides generic guidelines, it is not intended to promote uniformity of risk
frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services or assets and specific practices employed.
It is intended that this International Standard be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.
This International Standard is not intended for the purpose of certification.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
risk
effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected - positive and/or negative.
NOTE 2
NOTE 3 Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.
NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.
NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood.
[ISO Guide 73:2009, definition 1.1]
2.2
risk management
[ISO Guide 73:2009, definition 2.1]
2.3
risk management framework
set of components that provide the foundations and organizational arrangements for designing, implementing
NOTE 1 The foundations include the policy, objectives, mandate and commitment to manage risk (2.1).
NOTE 2 The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities.
NOTE 3 policies and practices.
[ISO Guide 73:2009, definition 2.1.1]
2.4
risk management policy
[ISO Guide 73:2009, definition 2.1.2]
2.5
risk attitude
organization's approach to assess and eventually pursue, retain, take or turn away from risk (2.1)
[ISO Guide 73:2009, definition 3.7.1.1]
2.6
risk management plan
scheme within the risk management framework (2.3) specifying the approach, the management
NOTE 1 Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities.
The risk management plan can be applied to a particular product, process and project, and part or whole of
[ISO Guide 73:2009, definition 2.1.3]
2.7
risk owner
person or entity with the accountability and authority to manage a risk (2.1)
[ISO Guide 73:2009, definition 3.5.1.5]
2.8
risk management process
systematic application of management policies, procedures and practices to the activities of communicating,
reviewing risk (2.1)
[ISO Guide 73:2009, definition 3.1]
2.9
establishing the context
defining the external and internal parameters to be taken into account when managing risk, and setting the
[ISO Guide 73:2009, definition 3.3.1]
2.10
external context
external environment in which the organization seeks to achieve its objectives
NOTE External context can include:
the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local;
key drivers and trends having impact on the objectives of the organization; and
relationships with, and perceptions and values of, external stakeholders (2.13).
[ISO Guide 73:2009, definition 3.3.1.1]
2.11
internal context
internal environment in which the organization seeks to achieve its objectives
NOTE Internal context can include:
governance, organizational structure, roles and accountabilities;
policies, objectives, and the strategies that are in place to achieve them;
the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
information systems, information flows and decision-making processes (both formal and informal);
the organization's culture;
standards, guidelines and models adopted by the organization; and
form and extent of contractual relationships.
[ISO Guide 73:2009, definition 3.3.1.2]
2.12
communication and consultation
continual and iterative processes that an organization conducts to provide, share or obtain information, and to engage in dialogue with stakeholders (2.13) regarding the management of risk (2.1)