ISO 31000

Risk Management – Guidelines


In performing their activities, all types of organizations, regardless of their size, encounter internal or external factors that lead to uncertainty as to whether and when the set goals will be achieved.

All activities of the organization involve risk. The organization manages these risks by identifying, analyzing and evaluating them, and by deciding how to treat them. Throughout the risk management process, the organization communicates with interested parties and monitors and reviews both the risks and the control measures that reduce them to a level at which no further treatment is necessary.

The ISO 31000 standard recommends that the organization develop, implement and continually improve a framework whose purpose is to integrate the risk management process throughout the organization, i.e. at the company level (in management processes, strategy definition and planning, reporting processes, policies, company values and corporate culture).

Risk management can be applied at all levels of the organization – from the company level, through individual organizational parts, all the way to individual projects and activities.

The ISO 31000 standard provides generic guidelines for risk management throughout the organization.

According to the ISO 31000 standard, the risk management process, with constant communication and consultation with interested parties, includes:

  • Determining the context
  • Risk identification
  • Risk analysis
  • Risk assessment
  • Dealing with risk (risk treatment)
  • Monitoring and reviewing


By applying a risk management process according to ISO 31000, an organization can realize multiple benefits:

  • increasing the probability of achieving the set business goals,
  • encouraging proactive action by management,
  • raising awareness and understanding of the need to identify and treat risks in the organization,
  • improving the ability to identify opportunities and threats,
  • increasing compliance with relevant regulations and international standards,
  • improving management, reporting and the trust of interested parties,
  • establishing a reliable basis for decision-making and planning,
  • reducing losses and using resources more efficiently,
  • improving the business,
  • improving the health and safety of employees,
  • protecting the environment,
  • improving the organization’s resilience to threats, etc.