IGTA Journal - Autumn 2017
Implementing ISO 31000

Implementing a standard of this type will, for example, increase the likelihood of achieving your goals and encourage proactive risk management. You are more likely to be aware of the need to identify and handle risks throughout the whole organisation, to identify opportunities and threats better, and to comply with the various legal and regulatory requirements imposed by national bodies in particular. It is likely to result in better reports, both mandatory and optional, and to improve governance, to bolster confidence, and to reassure stakeholders.

[Figure: Relationships between the risk management principles, framework and process (source: ISO 31000:2009(E))]

A world in the throes of change

In a world that is in the throes of change, companies find themselves confronted with two objectives that, on the face of it, conflict with each other: (1) encouraging innovation, intrinsically a source of risk, and (2) guaranteeing a high level of security. To reconcile these objectives, risk must be kept under control and evidence of this control must be provided.

The ISO 31000 standard is intended to provide a general framework for managing risk and gives a new definition of risk. It is crucial for everyone to have a common starting point so that they know what a "risk" is. It improves the risk management process, helps integrate risk management