The 2018 Risk Management ISO Update in 4 words

The latest version of ISO 31000 is not just a simple revision; it represents a major step forward, setting the standard for managing risk tomorrow. It has been almost a decade since the ISO 31000 risk management principles were first published, and in that time new threats have outpaced the ability of organizations to understand and integrate risks appropriately. There are four key themes of the new standard and they provide a foundation to meet the wide array of today’s challenges.


The new approach puts a greater emphasis on the creation and preservation of value rather than just the implementation of risk management. Risk management not only becomes a long-term lever to ensure project success but also a driver of sustainable growth as it is integrated into business strategy and the management systems at all levels, starting with its governance. Where the 2009 standard considered senior management commitment through the establishment of risk policy, the revised version reinforces its practical integration into key decision-making processes, increasing the focus on value, effective commitment and leadership.


The new standard places an even greater emphasis on stakeholder engagement as a pre-requisite to building and sustaining a Risk Leadership Mindset. Human factors and organizational culture are of increasing importance in reaching both short and long term goals. ISO 31000:2018 requires quality engagement and dialogue across the enterprise with improved communication and engagement with all stakeholders to enhance their involvement in risk management activities.


The standard has been drastically simplified to be more accessible and enhance collaboration with stakeholders at all levels: a concise 15-page document with a reduced number of principles (from 11 to 8), using simple language and a much shorter vocabulary section to express the fundamentals of risk management, making things easier and clearer.


Major changes were also made to take into account continuous improvement and the iterative nature of risk management. The addition of an 8th element to the risk process, “Recording and Reporting”, aligns with an open systems model that regularly exchanges feedback with its external environment to fit multiple needs and contexts, at each stage of the process. As regards risk identification, the new version significantly expands on this critical area.

ISO 31000:2018 provides guidelines, not requirements, giving managers the flexibility to implement the standard in the way that best suits their needs and goals. Revised to be more understandable, it lays the groundwork for a renewed trust between risk management experts and end-users, all of whom face specific risk issues but need to understand and communicate with each other.

"The revised version of ISO 31000 focuses on the integration with the organization and the role of leaders and their responsibility. Risk practitioners are often at the margins of organizational management and this emphasis will help them demonstrate that risk management is an integral part of business," said Jason Brown, Chair of technical committee ISO/TC 262 on risk management that developed the standard.

At Risk Focus, we believe that multilayered cooperation and facilitated collaboration across the organization must be considered fundamental to how risks are managed today. While the new version of the standard is a big step in that direction, developing the culture and a risk leadership mindset is not a simple task. To address this crucial issue, we created a new and effective approach to raise awareness and shape a culture of managing risks. With a simple tool based on crowdsourcing risk, employees are empowered to assess risks and engage in mitigation plans. They stay mobilized during the whole risk management process, creating long-term engagement and continuous improvement. Compliant with risk management standards and processes, the tool also provides risk managers with efficient reporting dashboards to track, measure, prioritize and communicate about risks.

Our mission is to develop a leadership mindset that goes beyond risk prevention and management, aligning companies' objectives across organizations and helping shape their own culture.

For more information about the standard, visit the ISO 31000 website :

To read the full release article on ISO website :