ISO 31000 2018 Plain English Introduction


ISO 31000 is a generic risk management standard. It was developed
by ISO Technical Committee 262, Risk Management. The official
name of the standard is
ISO 31000:2018 Risk management - Guidelines.

ISO 31000 2018 was published in February of 2018 and is the second
edition of this ISO standard. It cancels and replaces the ISO 31000 2009
standard, which is now obsolete. It was updated in order to streamline
the content and in order to respond to changing stakeholder needs
and expectations.

ISO 31000 2018 defines a set of guidelines. They are referred to
as guidelines because they’re voluntary. They’re not requirements;
they’re suggestions only. These suggestions or guidelines are
discussed in the following sections:

4. Risk Management Principles
5. Risk Management Framework
6. Risk Management Process


Since this standard is all about managing risk, we need to define
the term risk. According to ISO 31000 2018, section 3.1, risk is the
“effect of uncertainty on objectives”, and an effect is a positive or
negative deviation from what is expected. So, risk is the chance
that there will be a positive or negative deviation from the
objective we expect to achieve.

ISO’s definition recognizes that all of us operate in an uncertain world.
Whenever we try to achieve an objective, there’s always the chance that
things will not go according to plan. Every step has an element of risk
that needs to be managed and every outcome is uncertain.

Whenever we try to achieve an objective, we don't always get the
results we expect. Sometimes we get positive results, sometimes
we get negative results, and occasionally we get both. Because of this,
we need to reduce uncertainty as much as we possibly can. According
to ISO 31000 2018, you can reduce your uncertainty and manage your
risk by using a systematic approach to risk management.

The traditional approach to risk management combines three elements:
it starts with a potential event and then combines its probability with its
potential severity. A high risk event would have a high likelihood of
occurring and a severe impact if it actually occurred.

While ISO 31000 defines risk in a new and unusual way, the old and
the new definitions are largely compatible. Both definitions talk about
the same phenomenon but from two different perspectives. ISO thinks of
risk in goal-oriented terms while the traditional definition thinks of risk in
event-oriented terms. These two definitions can and do co-exist. They’re
simply two different ways of talking about the same phenomenon.


ISO 31000 2018 can be used by any organization no matter what
size it is or what it does. It can be used by both public and private
organizations and by groups, associations, and enterprises of all
kinds. It is not specific to any sector or industry and can be
applied to any type of risk.

ISO 31000 can be applied to the achievement of any and all types
of objectives at all levels and in all areas. It can be used at a strategic
level to help make decisions and can be applied to all kinds of activities.
It can be used to help manage and control processes, operations, functions, projects, programs, products, services, and assets.

However, exactly how you apply ISO 31000 is up to you and will
depend on your organization’s needs, objectives, and challenges,
and should reflect what it does and how it operates.

WHY USE ISO 31000?

When properly implemented and applied,
ISO 31000 will help your organization to:

  • Increase the likelihood that objectives will be achieved.
  • Improve its ability to identify threats and opportunities.
  • Improve the overall resilience of your organization.
  • Improve operational efficiency and effectiveness.
  • Encourage personnel to identify and treat risk.
  • Improve your risk management controls.
  • Comply with legal and regulatory requirements.
  • Improve the effectiveness of your governance activities.
  • Establish a sound basis for planning and decision making.
  • Improve loss prevention and incident management activities.
  • Encourage and support continuous organizational learning.
  • Improve the trust and confidence of your stakeholders.
  • Enhance both mandatory and voluntary reporting.
  • Comply with international norms and standards.



Praxiom Research Group Limited        780-461-4514

Updated on August 8, 2018. First published on August 31, 2010.


Copyright © 2010 - 2018 by Praxiom Research Group Limited. All Rights Reserved.
