Needs
Organizations of all types and sizes are required to minimize all risks (internal and external factors and influences) that make it uncertain whether and when they will achieve their objectives.
Risks may relate to business, finance, compliance and operations.
Organizations should proactively manage risk by identifying it, analyzing it and then evaluating whether the risk should be modified by risk treatment in order to satisfy their risk criteria.
Throughout this process, they should communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk in order to ensure that no further risk treatment is required.
ISO 31000 is an International Standard (currently in final draft version) designed to provide organizations with a number of principles that need to be satisfied to make risk management effective.
This International Standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.
The document has been designed to enable organizations to harmonize risk management processes in existing standards such as ISO 14000 for Environmental Management System and OHSAS 18001 for Health and Safety Management System.
ISO/FDIS 31000:2009 provides organizations with a comprehensive framework to ensure that risk is managed effectively, efficiently and coherently across an organization.
The approach described in this International Standard draft provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.
ICMQ India Approach
ICMQ India has developed an approach to conduct effective voluntary audits to verify whether an organization has established and is deploying an effective Risk Management approach (the ISO 31000 standard is not intended for the purpose of certification).
The purpose of this service is to provide organizations with a third party evaluation of the Risk Management system based on ISO 31000:2009 and to verify its deployment across the organization.
The Risk Management assessment is conducted in two phases:
Benefits
When implemented and maintained, an effective risk management system may enable organizations to:
Assessment process
ICMQ provides a voluntary assessment of the risk management system according to the following process