ISO 31000:2018 Risk Management Framework

Organization:

Location:

1 PLAN THE ESTABLISHMENT OF YOUR RISK MANAGEMENT FRAMEWORK

• Ask stakeholders to support the establishment of a framework.

• Ask top management to support the establishment of a framework

• Evaluate your existing risk management practices and processes.

• Identify gaps in your risk management practices and processes

• Establish a framework that meets your organization's unique needs.

• Establish a framework that fills the gaps in existing practices and processes.

• Consider how you intend to develop your risk management framework.

• Consider how you're going to design your risk management framework.

• Consider how you're going to fill gaps in your existing practices and procedures.

• Consider how you're going to make risk management part of your organization.

• Consider how you're going to integrate risk management into all significant activities.

• Consider how you're going to build risk management into all decision making activities.

• Consider how you're going to integrate risk management into all significant functions.

• Consider how you're going to build risk management into all governance functions.

• Consider how you're going to implement your risk management framework.

• Consider how you're going to evaluate your risk management framework.

• Consider how you're going to improve your risk management framework.

2 SHOW LEADERSHIP BY MAKING A COMMITMENT TO RISK MANAGEMENT

• Ask your leaders to support a risk management framework.

• Ask your leaders to make a commitment to risk management.

• Ask oversight bodies to make a commitment to risk management.

• Ask oversight bodies to understand the unique risks facing the organization.

• Ask oversight bodies to monitor the unique risks facing the organization.

• Ask oversight bodies to define the amount and type of risk that may be taken

• Ask oversight bodies to align risk management with the organization's strategy

• Ask oversight bodies to align risk management with the organization's culture.

• Ask oversight bodies to align risk management with organizational objectives.

• Ask oversight bodies to align risk management with organizational obligations.

• Ask oversight bodies to align risk management with voluntary commitments.

• Ask oversight bodies to be accountable for overseeing risk management

• Ask them to ensure that risks are understood throughout the organization.

• Ask them to ensure that risks are communicated throughout the organization.

• Ask them to ensure that risk management methods are communicated.

• 33 Ask them to ensure that risk management is integrated into all activities.

• Ask them to ensure that risk management systems are implemented.

• Ask them to ensure that risk management systems are operating effectively.

• Ask them to ensure that risk is properly evaluated when setting objectives.

• Ask them to ensure that risk is properly managed when achieving objectives.

• Ask oversight bodies to communicate the value of risk management.

• Ask them to communicate the value of risk management to the organization.

• Ask them to communicate the value of risk management to stakeholders

• Ask top management to make a commitment to risk management.

• Ask top management to align risk management with the organization's strategy.

• Ask top management to align risk management with the organization's culture.

• Ask top management to align risk management with organizational objectives.

• Ask top management to align risk management with organizational obligations.

• 46 Ask top management to align risk management with voluntary commitments.

• Ask top management to ensure that appropriate risk criteria are developed

• Ask them to ensure that risk criteria are communicated throughout the organization.

• Ask them to ensure that risk criteria are communicated to all relevant stakeholders

• Ask top management to communicate the value of risk management.

• Ask managers to communicate the value of risk management to the organization.

• Ask managers to communicate the value of risk management to stakeholders.

• Ask top management to be accountable for managing risk management

• Ask them to ensure that risk management is integrated into all activities.

• Ask top management to monitor the unique risks facing their organization.

• Ask top management to encourage personnel to systematically monitor risks.

• Ask your leaders to establish a risk management framework.

• Ask them to develop a framework that meets the organization's needs.

• Ask them to prepare a general risk management policy statement

• Ask them to define their general approach to risk management.

• Ask them to prepare a general risk management plan of action.

• Ask them to make people accountable for managing risk

• Ask them to assign risk management responsibilities.

• Ask them to assign responsibilities at all appropriate levels.

• Ask them to delegate risk management authorities.

• Ask them to delegate authorities at all appropriate levels.

• Ask them to allocate all required risk management resources.

• Ask them to monitor the application of their risk management framework.

• Ask them to ensure that it remains appropriate to the organization's context.

3 MAKE YOUR ORGANIZATION’S PERSONNEL RESPONSIBLE FOR MANAGING RISK

• Make risk management an integral part of your organization's culture.

• Ask everyone in your organization to be responsible for managing risk.

• Ask your governance personnel to be responsible for managing risk.

• Ask them to be responsible for making risk management part of governance.

• Ask them to be responsible for making it part of the organization's purpose.

• Ask them to be responsible for making it part of the organization's direction.

• Ask them to be responsible for making it part of the organization's strategy.

• Ask them to be responsible for making risk management part of management.

• Ask them to make management accountable for implementing risk management.

• Ask your management personnel to be responsible for managing risk.

• Ask them to make risk management part of the organization's roles.

• Ask them to make risk management part of the organization's policies.

• Ask them to make risk management part of the organization's objectives.

• Ask them to make risk management part of the organization's operations.

• Ask them to make risk management part of the organization's processes.

• Ask them to make risk management part of the organization's practices.

• Ask them to make risk management part of the organization's rules.

• Ask your rank-and-file personnel to be responsible for managing risk.

• Use iterative methods to build risk management into your organization.

• Make sure that your iterative methods meet your organization's needs

• Make sure that your organization's methods are compatible with its culture

4 DESIGN YOUR ORGANIZATION'S UNIQUE RISK MANAGEMENT FRAMEWORK

• Consider your organization’s context as you design your framework.

• Examine and understand your organization’s external context.

• Consider external influences during framework design.

• Consider external stakeholders during framework design.

• Examine and understand external stakeholder needs.

• Examine and understand external stakeholder values.

• Examine and understand external stakeholder perceptions.

• Examine and understand external stakeholder expectations.

• Examine and understand external stakeholder relationships.

Completed By:

Date Completed:

Reviewed By:

Date Reviewed: