ISO 31000


The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies. One of its standards, ISO 31000, provides a universal risk management framework for use across entities, sectors, and organizations of every kind. Although all organizations manage risk to some degree, ISO 31000 establishes a number of principles considered essential for risk management to be effective. Published in November 2009, ISO 31000 is the first international standard on the practice of risk management, and it applies to any type or size of organization in any country. (Hardy, 2014)

ISO 31000

ISO 31000 offers a risk management architecture that describes the relationship between risk management principles, a risk management framework, and a risk management process. According to ISO 31000, “for risk management to be effective, an organization should at all levels comply with several principles” (see the Figure above). The principles cover broad themes and can serve as a foundation for shaping an organization’s risk philosophy. A theme common to the integration activities around enterprise risk management (ERM) is the effectiveness of the management framework: without a framework, it would be difficult to manage risks effectively.


In addition to ISO 31000, there are two other useful documents addressing risk management and risk assessment being adopted as American National Standards:

  • ISO Guide 73:2009, Risk Management – Vocabulary
  • IEC/ISO 31010:2009, Risk Management – Risk Assessment Techniques


Hardy, D. K. (2014). Enterprise Risk Management: A Guide for Government Professionals. Jossey-Bass.
