This International Standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.
ISO 31000
Why ERM?
Risk can simply be stated as 'what can go wrong'. Irrespective of an organisation's size, line of business or location, this applies to every facet of the organisation. Having a formal ERM in place lets you say 'we know what can go wrong, and we have either prevented it or we know what we will do', rather than 'we are not sure what we will do'.
What is ISO 31000?
ISO 31000 is a risk management standard that sets out principles and guidelines for implementing a best-practice framework for managing enterprise risk.
What is the approach for successful implementation?
The approach proceeds in phases, and each phase can contain several sub-phases:
Phase I – Decide on the scope of risk management: do you wish to start with the whole organisation, or limit it to critical teams or locations only?
Phase II – Perform a risk assessment within the chosen scope: identify the opportunities and threats, the assets and the risks, and record them in a risk register.
Phase III – Implementation and measurement: define the policies, procedures and documentation on one hand, and close the identified gaps on the other.
Phase IV – Internal audit: verify that the implementation has succeeded on one hand, and that ERM principles have been embedded in the business lifecycle on the other.
The duration of each milestone varies with the complexity of the scope. Talk or write to us at roadmap@coralesecure.com to find out how we can take you through a successful journey.