Helping Successful Organizations Improve the Likelihood of Achieving Their Objectives.
"This international Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this international Standard is not specific to any industry or sector"
You already manage risk; otherwise your organization would not be where it is today. However, many of the techniques used by boards and senior executives are dated, lack sophistication, and are no longer effective in creating and maintaining an organization's competitive advantage.
So, how do you develop and sustain an effective risk management program? Since the introduction of the ISO 31000 International Risk Management Standard, there is now a framework for organizations to follow. Built upon other leading international risk management standards, the ISO framework is considered the current best practice for Enterprise Risk Management.
Implementing Enterprise Risk Management
To be effective, risk management includes two main components: a framework and a process. The contrast of these two components creates four quadrants:
Let’s look briefly at each of the four.
Quadrant 1: Traditional Management. At this stage the organization operates in a defensive mode, relying on the purchase of insurance when possible. The perspective of risk is that of hazards and is oriented around cause of loss. Risk treatment operates in silos within departments, and consequently is a “bottom-up” process (defensive position).
Quadrant 2: Framework. The “tone from the top” encourages risk awareness across the organization and encourages staff to be accountable for their actions. Strong leadership utilizes the knowledge of all staff and team members in determining controls before risks occur.
Quadrant 3: Process. A strategic process is used to identify, analyze, evaluate and treat risks. The process includes monitoring and reviewing the results to assure success of the plan.
Quadrant 4: Enterprise Risk Management. ERM looks at the upside of risk and the many opportunities it can present. It is tied to strategic objectives and is a coordinated approach that looks at all risk departments. Subject matter experts and risk committees are used to identify risk, and it is a “top-down” process (offensive position).
Utilizing the principles and guidelines set forth in ISO 31000, we facilitate the adoption of consistent processes within a comprehensive framework to ensure that risk is managed effectively, efficiently and coherently across your organization.