Geneva, Switzerland, November 18, 2009 -- A new International Standard, ISO 31000:2009, Risk management – Principles and guidelines, will help organizations of all types and sizes to manage risk effectively.

ISO 31000 provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.

At the same time, ISO is publishing ISO Guide 73:2009, Risk management vocabulary, which complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.

Kevin W. Knight AM*, Chair of the ISO working group that developed the standard explains, “All organizations, no matter how big or small, face internal and external factors that create uncertainty on whether they will be able to achieve their objectives. The effect of this uncertainty is ‘risk’ and it is inherent in all activities.”

“In fact,” he continued “it can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.”

The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.

“ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. But this is not a standard that organizations can seek certification to. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management. ISO Guide 73 will further ensure that all organizations are on the same page when talking about risk,” said Mr. Knight.

ISO 31000 is designed to help organizations:

Increase the likelihood of achieving objectives

Encourage proactive management

Be aware of the need to identify and treat risk throughout the organization

Improve the identification of opportunities and threats

Comply with relevant legal and regulatory requirements and international norms

Improve financial reporting

Improve governance

Improve stakeholder confidence and trust

Establish a reliable basis for decision making and planning

Improve controls

Effectively allocate and use resources for risk treatment

Improve operational effectiveness and efficiency

Enhance health and safety performance, as well as environmental protection

Improve loss prevention and incident management

Minimize losses

Improve organizational learning

Improve organizational resilience.

ISO 31000 and ISO Guide 73 can be applied to any public, private or community enterprise, association, group or individual. The documents will be useful to:

Those responsible for implementing risk management within their organizations

Those who need to ensure that an organization manages risk

Those needing to evaluate an organization’ practices in managing risk

Developers of standards, guides procedures and codes of practice relating to the management of risk.

Both documents were developed by the ISO Working Group on Risk Management.

ISO 31000:2009, Risk management – Principles and guidelines, and ISO Guide 73:2009, Risk management vocabulary, are available from ISO national member institutes (see the complete list with contact details). They may also be obtained directly from the ISO Central Secretariat, price 112 Swiss francs and 86 Swiss francs respectively, through the ISO Store or by contacting the Marketing, Communication & Information department (see right-hand column).