Important aspects of risk management according to ISO 31000.
By Global Trust Association
10 July, 2019 | 17:07hrs
It should now be clear to all organizations that risk management is a crucial aspect of the management and governance of a company. It is therefore important to perform a risk analysis before starting a task or project and, in general, whenever resources are to be invested. The organization should understand the concepts of risk analysis and apply them according to its needs.
As indicated by ISO 31000, the purpose of risk management is to help create and protect value; therefore, it is crucial to make the best possible decisions. These decisions basically concern adopting measures to safeguard the objectives the organization seeks to achieve.
To effectively address risk management in the organization, ISO 31000 consists of 3 elements that converge with each other and, in turn, with the governance of the organization, as well as the stakeholders:
- Principles
- Reference framework
- Process
The principles (8 in total) are the set of guidelines that define the basics of risk management, which must comply with ISO 31000 and serve to define the management framework on which risk management will be developed.
The reference framework includes 6 aspects and comprises the considerations for integrating, designing, implementing, evaluating, and improving risk management within the entire organization.
The processes (6 in total) should be integrated as part of the overall management of the organization at all levels, whether strategic, tactical, or operational, considering their iterative nature.