ISO 31000 2009 Plain English Introduction


ISO 31000 is a generic risk management standard. It was developed
by the ISO Technical Management Board Working Group on risk
management. The official name of the standard is ISO 31000:2009
Risk management - Principles and guidelines. ISO published this
new standard on November 13, 2009.

ISO 31000 defines a set of guidelines. We refer to them as guidelines
because they’re voluntary. They’re not requirements or contractual
obligations. They’re suggestions only. These risk management
suggestions or guidelines are discussed in the following sections:

3. Risk Management Principles
4. Risk Management Framework
5. Risk Management Process

Since this standard is all about managing risk, we need to define the term
risk. According to ISO 31000, Part 2.1, risk is the “effect of uncertainty on
objectives”, and an effect is a positive or negative deviation from what is
expected. So, risk is the chance that there will be a positive or negative
deviation from the objective you expect to achieve.

ISO 31000 recognizes that organizations operate in an uncertain world.
Whenever you try to achieve an objective, there’s always the chance
that things will not go according to plan. There’s always the chance that
you will not achieve what you expect to achieve. Every step you take to
achieve an objective involves uncertainty. Every step has an element of
risk that needs to be managed. According to ISO 31000, you can reduce
your uncertainty and manage your risk, by using a systematic approach
to risk management.

Uncertainty is a state of being that involves a deficiency of information
and leads to inadequate or incomplete knowledge or understanding.
In the context of risk management, uncertainty exists whenever your
knowledge or understanding of an event, consequence, or likelihood
is inadequate or incomplete. So, you can reduce your uncertainty
by getting better information and improving your knowledge and


ISO 31000 is an international risk management standard. It can be
used by any organization no matter what size it is or what it does. It
can be used by both public and private organizations and by groups,
associations, and enterprises of all kinds. It is not specific to any
sector or industry and can be applied to any type of risk.

ISO 31000 can be applied to the achievement of any and all types of
objectives at all levels and areas within an organization. It can be used
at a strategic or organizational level to help make decisions and can be
applied to all types of activities. It can be used to help manage processes,
operations, functions, projects, programs, products, services, and assets.

However, exactly how you apply ISO 31000 is up to you and will depend
on your organization’s needs, objectives, and challenges, and should
reflect what it does and how it operates.


ISO 31000 can be used by a wide range of
stakeholders, including people who need to:

  • Establish a risk management policy.
  • Ensure that risk is managed properly.
  • Manage and control risk within an organization.
  • Evaluate risk management practices and processes.
  • Explain how risk should be managed and controlled.
  • Develop risk management procedures and guides.
  • Prepare related standards and codes of practice.

WHY USE ISO 31000?

When properly implemented and applied,
ISO 31000 will help you to:

  • Increase the likelihood that objectives will be achieved.
  • Improve your ability to identify threats and opportunities.
  • Establish a sound basis for planning and decision making.
  • Help you allocate and use risk treatment resources.
  • Improve the overall resilience of your organization.
  • Improve operational efficiency and effectiveness.
  • Encourage personnel to identify and treat risk.
  • Help minimize your organization’s losses.
  • Improve your risk management controls.
  • Comply with legal and regulatory requirements.
  • Enhance your approach to environmental protection.
  • Improve the effectiveness of your governance activities.
  • Enhance your organization’s health and safety performance.
  • Improve loss prevention and incident management activities.
  • Encourage and support continuous organizational learning.
  • Improve the trust and confidence of your stakeholders.
  • Enhance both mandatory and voluntary reporting.
  • Comply with international norms and standards.


Praxiom Research Group Limited        780-461-4514

Updated on November 29, 2013. First published on August 31, 2010.


Copyright 2010 - 2013 by Praxiom Research Group Limited. All Rights Reserved.
