The risk-based approach is the central theme of all management system standards aligned with Annex SL. Therefore, applying and referencing ISO 31000 is essential in these processes.
ISO 31000 is the risk management standard that provides guidelines for implementing organizational risk management. Its current version is from 2018, and it presents a generic reference methodology that can be adapted to any subject, such as quality, environment, occupational safety and health, anti-bribery, and compliance.
Risk management is present in all management system standards aligned with Annex SL, which makes the ISO 31000 methodology extremely important for companies that have a management system implemented in accordance with ISO standards.
The Standard states that “managing risks is iterative and helps organizations to establish strategies, achieve objectives and make decisions.” From this statement alone we can see the clear alignment of risk management with the highest organizational level, the strategic one. With an effective risk assessment, organizations can anticipate problems, trends and impacts, leading to more assertive decision-making.
The figure above presents the risk management process according to ISO 31000. As noted earlier, this process can be applied to any topic and in any management system.
The risk management process includes recording and reporting, working in synergy with the definition of scope, context and criteria. Risk assessment itself is divided into three stages: risk identification, risk analysis and risk evaluation, with criteria defined to guide risk treatment.
In the image above, it is important to highlight the processes that support risk management, namely communication and consultation, and monitoring and review. Communication and consultation is essential within a risk management process, as it is the stage where input information is collected and output information is communicated, keeping the process dynamic.
Monitoring and review is an integral part of a continuous risk management system. There is no point in a static risk management process without feedback; it needs to be reviewed at planned intervals or whenever significant events occur.
To conclude this article, without exhausting the subject, I emphasize the importance of ISO 31000 for all management system standards. It would be correct, before implementing any management system, to use ISO 31000 for risk management of the theme in question and only then start the implementation. I’m sure it would be a much more effective method, but that is the subject for another post.