AS/NZS ISO 31000:2009 Risk Management

Risk assessors should explain the 11 principles of risk management within any risk report in the context of strategic, operational and line objectives of an organisation.

Although  AS/NZS ISO31000:2009 Risk Management has been around since December 2009 many risk reports fail to provide sufficient detail identifying and explaining the 11 principles of risk management. These principles are:

1. Creates and protects value

2. Be an integral part of organisational processes

3. Be part of decision making

4. Explicitly address uncertainty

5. Be systematic, structured and timely

6. Based on the best available information

7. Be tailored

8. Take into account human and cultural factors

9. Be transparent and inclusive

10. Be dynamic, iterative and responsive to change

11. Facilitate the continual improvement of organisations

The Standard is available from SAI Global and should be part of every risk assessors and security professionals library.