AS/NZS ISO 31000:2009 Risk Management
Risk assessors should explain the 11 principles of risk management within any risk report in the context of strategic, operational and line objectives of an organisation.
Although AS/NZS ISO31000:2009 Risk Management has been around since December 2009 many risk reports fail to provide sufficient detail identifying and explaining the 11 principles of risk management. These principles are:
1. Creates and protects value
2. Be an integral part of organisational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Based on the best available information
7. Be tailored
8. Take into account human and cultural factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of organisations
The Standard is available from SAI Global and should be part of every risk assessors and security professionals library.