- Edition: 1st Edition
- Available in: Paperback
- ISBN: 978-0965466578
- Published: January 1, 2016
ISO 31000: Enterprise Risk Management
by Greg Hutchins PE CERM
This book is the first and only book that describes ISO 31000 in terms of:
- Architect the system. Architecting means determining which elements of the risk management framework, system, or process should be used and tailored based on the organizational context.
- Design the system. Designing the system means determining how each element of the risk management process can be tailored to specific organizational stakeholders, customers, and interested parties.
- Implement the system. Implementing means integrating the risk management framework and process into the organization’s general management system. This step is often a behavioral and cultural change in the project.
- Assure the system. Assuring means risks are being controlled within the organization’s risk appetite and objectives are being met.
ISO 31000: Enterprise Risk Management Benefits
ISO 31000 risk management framework is descriptive not prescriptive. It describes in general terms risk management principles and elements of a framework. The purpose of the framework is to integrate risk management into ISO management systems such as ISO 9001:2015 or ISO 14001:2015.  ISO 31000 is written so an organization may tailor its components to its context and specific requirements.
ISO 31000: Enterprise Risk Management is adaptable to different organizations, contexts, statutes, and environments. Properly architected, designed, implemented, and assured,  ISO 31000: Enterprise Risk Management book offers you the following benefits:
- Is an international standard that more than 60 countries have adopted as a national risk standard.
- Is practical for the small to medium sized organization getting into Risk Based Thinking.
- Can be applied and integrated into ISO management systems easier than any risk management framework.
- Can be applied to organizations in almost any sector, maturity level, and capability level.
- Is an open ended guideline that is flexible and open to interpretation so it can be applied universally.
- Encourage proactive, preventive, preemptive, and predictiveâ„¢ decision making rather than reactive management.
- Identify and treat risks throughout the enterprise.
- Improve identification of upside risks (opportunities) and downside risks (threats).
- Comply with legal and regulatory requirements.
- Improve financial reporting.
- Improve corporate governance, risk, and compliance (GRC).
- Improve stakeholder confidence and trust.
- Improve ‘Tone at the Top’ and other soft controls.
- Establish a reliable basis for risk based, problem solving and decision making.
- Improve operational risk controls.
- Allocate resources effectively and efficiently for risk management, treatment, and mitigation.
- Improve operational effectiveness, efficiency, and economics.
- Improve incident management and prevention.
- Identify and minimize possible losses.
- Is structured around the PDCA cycle that most operations, six sigma, and quality professionals understand.
- Is a short standard that can be read easily and quickly.
ISO 31000: Enterprise Risk Management Chapters
- Introduction
- ISO Risk Based Thinking
- ISO 31000 Risk Management Principles
- ISO 31000 Risk Concepts and Definitions
- ISO 31000 Framework for Managing Risk
- ISO 31000 Risk Management Process
- ISO 31010 Risk Assessment Tools and Techniques
- ISO 31000 Enhanced Risk Management
- Appendix
- Risk Glossary
