ISO Principles of Risk Management
1. Integrated
▪ Risk management is an integral part of all organisational activities.
2. Structured and comprehensive
▪A structured and comprehensive approach to risk management contributes to consistent and comparable results.
3. Customized
▪The risk management framework and process are customized and proportionate to the organisation’s external and internal context related to its objectives.
4. Inclusive
▪Appropriate and timely involvement of stakeholders enables their knowledge, views and perceptions to be considered. This results in improved awareness and informed risk management.
5. Dynamic
▪Risks can emerge, change or disappear as an organisation’s external and internal context changes.
▪ Risk management should anticipate, detect, acknowledge and respond to those changes and events in an appropriate and timely manner.
6. Best available information
▪The inputs to risk management are based on historical and current information, as well as on future expectations.
▪Risk management should openly take into account any limitations and uncertainties associated with such information and expectations.
▪Information should be timely, clear and available to relevant stakeholders.
7. Human and cultural factors
▪Human behaviour and culture significantly influence all aspects of risk management at each level and stage.
▪Risk management should take into consideration the values, beliefs and attitudes of the people in the organisation regarding risk.
8. Continual improvement
▪Risk management is continually improved through learning and experience.
PMI Principles of Risk Management
▪The Project Management Institute in their PMBoK book has laid down 10 principles. These principles are:
1. Organisational Context
2. Involvement of stakeholders
3. Organisational Objectives
4. Reporting
5. Roles and Responsibilities
6. Support structure
7. Early Warning Indicators
8. Review Cycle
9. Supportive culture
10. Continual Improvement
1. Organisational Context
▪Every organisation is affected to varying degrees by various factors in its environment (political, social, legal, technological, economic, etc.).
▪There are also marked differences in communication channels, internal culture and risk management procedures.
▪Risk management should therefore be able to add value and be an integral part of the organisational process.
2. Involvement of stakeholders
▪The risk management process should involve the stakeholders at each and every step of decision making.
▪Stakeholders should remain aware of even the smallest decision made in the organisation.
▪It is further in the interest of the organisation to understand the role the stakeholders can play at each step.
3. Organisational Objectives
▪When dealing with a risk, it is important to keep the organisational objectives in mind.
▪The risk management process should clearly address the uncertainty.
▪This calls for being systematic and structured and keeping the big picture in mind.
4. Reporting
▪ In risk management, communication is the key. The authenticity of the information has to be determined.
▪Decisions should be made on the best available information, and there should be transparency and visibility regarding the same.
5. Roles and Responsibilities
▪Risk Management has to be transparent and inclusive.
▪It should take into account the human factors and ensure that each person knows their role at each stage of the risk management process.
6. Support Structure
▪Ensure that everyone understands how risk is managed through the risk management life cycle and who to go to if they have any questions. For example:
• How are risks identified?
• How and when are risks escalated?
• Where and in what format are risks documented?
• How and when are risks reviewed, etc.?
7. Early Warning Indicators
▪Keep track of early signs of a risk translating into an active problem.
▪This is achieved through continual communication by one and all at each level.
▪It is also important to enable and empower each person to deal with the threat at his/her level.
8. Review Cycle
▪Keep evaluating inputs at each step of the risk management process – Identify, assess, respond and review.
▪The observations are markedly different in each cycle. Identify reasonable interventions and remove unnecessary ones.
9. Supportive Culture
▪Brainstorm and enable a culture of questioning and discussion. This will motivate people to participate more.
10. Continual Improvement
▪Be capable of improving and enhancing your risk management strategies and tactics.
▪Use your learnings to assess the way you look at and manage ongoing risk.