All organisations are exposed to internal and external factors that create uncertainty as to whether they will be able to achieve their objectives. Risk management helps organisations identify potential threats and opportunities, determine appropriate strategies or controls and make informed decisions. Risk management is essential to an organisation’s governance at all levels and activities.
Enterprise risk management based on ISO 31000
ISO 31000 defines the principles of risk management and provides guidance on establishing a risk management framework and process. IEC 31010 describes techniques that can be applied within the risk management process, in particular for risk assessment.
For risk management to be effective, organisations should apply the ISO 31000 principles at all three levels – strategic, programme and project, and operational. They should also establish a risk management framework that embeds the risk management process in their governance and decision-making. The process itself primarily addresses identifying, analysing, evaluating and treating risks, together with communication, monitoring and review.
Benefits of ERM for the organisation
- Early detection of emerging risks
- Consideration of the threat of extreme events
- Adapting strategies to risk appetite
- Identifying and assessing all relevant risks
- Establishing a risk culture in the organisation
Scope of our expert services
1 | Analysis of the existing system and ERM project planning
Analysis of the organisation’s context • Comparison of current risk management performance with ISO 31000 recommendations • Identification of needs for improvement • Development of an ERM project plan
2 | Establishment and implementation of the ERM
Definition of the organisational structure, roles and responsibilities of individuals and relevant committees • Design of the risk policy • Determination of risk acceptance criteria
3 | Design of specific risk management guidelines and methods
Design of specific risk management guidelines and methods for individual disciplines • Recommendation on the selection of tools or development of tools to support risk management processes
4 | Execution of risk management processes in specific areas
Leading risk management processes • Engaging experts for specific topics – business continuity, information and cyber security, privacy, occupational health and safety, compliance management, risks in supplier relationships, etc.
Advanced GRC applications
The difficulty of executing risk management processes increases with the size of the organisation and is influenced by the business sector and the maturity of the management system. For complex organisations, we recommend the use of advanced modular tools.
More information can be found in the Applications section.
Quality of our services
In the provision of consulting services we apply quality of service standards based on ISO 9001 and ISO 20700, information security based on ISO/IEC 27001 and project management based on ISO 21500.
Competences of our consultants:
- Certified ISO 31000 Lead Risk Manager *
- Certified ISO/IEC 27005 Lead Risk Manager *
* NOTE: ISO/IEC 17024 accredited certification.