Annex 4 - compilation of approaches
Risk management is the coordinated set of activities used to direct and control an organisation with regard to risk. All activities within an organisation involve some level of risk. Successful organisations manage such risk by identifying it, analysing it, and then evaluating whether the risk should be modified in order to satisfy their risk criteria. Such risk management can be applied to an entire organisation, and its many areas and levels, at any time, as well as to specific functions, projects and activities.
The practice of risk management has been developed over time and within many sectors to meet diverse needs. The adoption of consistent processes within a clear framework ensures that risk is managed effectively, efficiently and coherently across an organisation. Risk management should be both proactive and reactive, and an integral part of an organisation’s governance, management, culture and practice.
ISO 31000:2009 and IEC 31010:2009 are international standards for risk management that provide comprehensive principles, guidelines and tools to help organisations manage risk. They are designed to:
- assist proactive assessment
- improve identification of opportunities and threats
- increase the likelihood of meeting risk targets
- improve the engagement of all stakeholders in the management of risk.