Our company Our leadership Our values Events News Contact Us

Careers overview Current vacancieshiring Early Careers Benefits

Blogs Case studies Webinars White papers

Contact sales

Your priorities
The Platform
our solutions
- Audit & risk Audit and risk
  External Audit
  Improve the accuracy and efficiency of audits and build trust with clients.
  
  Internal Audit
  Gain total oversight and control of internal audit activity.
  
  Risk Management
  Centralize data for a holistic and strategic view of risk.
  
  Audit and risk solutions
  Audit and risk solutions that help you protect your business, engage with clients and have more strategic influence.
  Latest Gartner® Market Guide for EHS Software
  Download now
- DOCUMENT COLLABORATION DOCUMENT COLLABORATION
  Huddle
  Flexible and highly secure document collaboration for regulated industries.
  
  Mail Manager
  Email add-in for Outlook to boost productivity and improve document management.
  
  OnePlace Solutions
  Connect, simplify and personalize business systems built on Microsoft 365
  
  PleaseReview
  Real-time document review, co-authoring and redaction for regulated industries.
  
  Document collaboration solutions
  Bring teams and customers together with our document collaboration solutions to securely manage emails and documents.
  Latest Gartner® Market Guide for EHS Software
  Download now
- E-Learning and Content E-Learning & Content
  CompliSpace
  Policy, learning and assurance management to meet GRC obligations.
  
  WorkRite
  Workplace training and e-learning management system to meet regulatory requirements.
  
  E-learning and content solutions
  Meet regulatory requirements, bring policies to life, and keep employees safe with e-learning and content solutions.
  Latest Gartner® Market Guide for EHS Software
  Download now
- Environmental, Health and Safety Environmental, Health & Safety
  EHS
  A unified EHS solution that enables employers to report incidents, identify risks in real-time and automate safety processes across your organization.
  
  Maritime safety
  Extensive experience and specialized product suites that specifically address the unique needs of the maritime industry. Manage all aspects of health, safety and incident management.
  
  Environmental, health and safety solutions
  Improve safety, reduce risk and enhance environmental, health and safety performance across your business.
  Latest Gartner® Market Guide for EHS Software
  Download now
- quality quality
  Coruson
  Aviation safety management for complete control and reporting of operational risk.
  
  Quality Control
  Automate quality inspections and documentation to satisfy regulators and customers.
  
  Quality Management
  Digitalize your quality management processes for complete organizational insight.
  
  Smartforms
  Improve mobile incident and event reporting for real-time situational awareness.
  
  Quality solutions
  QMS solutions to help take control and ensure quality in every step of the process to unlock your full potential.
  Latest Gartner® Market Guide for EHS Software
  Download now
- A-Z Products

Our company Our leadership Our values Events News Contact Us

Careers overview Current vacancieshiring Early Careers Benefits

Blogs Case studies Webinars White papers

Contact Sales

Contact sales

2024 Resilience nation report • Download now

Home
Thought Leadership
Blog
ISO 31000: How to carry out a risk assessment

ISO 31000: How to carry out a risk assessment

Clause 6.4.2: Risk Identification

The first step in ISO 31000 risk assessment is the identification stage. You are required to find, understand, and describe risks. Remember that a risk is considered as something that could hinder, prevent, or even help an organisation to achieve its strategic objectives.

During the risk identification stage, it is vital to use the latest information available. Factual, timely, and accurate data will enable you to develop the most relevant strategy. Factors to consider when identifying a potential risk to your organisation may include:

Tangible and intangible sources
Causes / events
Threats and opportunities (even positive risks need to be assessed)
Existing capabilities for handling risk, and any vulnerabilities
Contextual changes, such as alteration to an external factor
Resources available, the nature and value of such
The likelihood and consequences of a risk
The severity of a risk should it occur
Knowledge gaps (the known unknowns)
Time resources and allocation of risk management team
The bias, experiences, and assumptions of stakeholders involved in risk assessment

When identifying a risk, it’s important to note that there may be more than one outcome to a risk occurrence – and that this may impact upon further identified risks.

Clause 6.4.3: Risk Analysis

The risk analysis phase allows for decisions to be made regarding risk treatment, and to further identify and define the organisation's risk appetite. The risk type, level, and likelihood are all taken into consideration alongside detailed factors such as available resource and internal/external influences.

There may be multiple outcomes possible from one risk incident, and this may impact on further risks. The domino effect of a risk should also be considered within the context of the organisation’s objectives.

The techniques used to analyse risk are plenty and varied, and it is up to the organisation to define the ones used. Some of this is covered in Clause 6.3, as the context of the risk strategy includes the definition of risk criteria and measuring capabilities. You may choose to use a qualitative, semi-quantitative, or quantitative approach, or a combination of all three, in order to determine how to analyse risks.

Remember that risk is very subjective. While communication with key stakeholders at all stages of risk management strategy development and implementation is vital, an approach must be taken where bias is mitigated in some way. One person may perceive a risk as highly likely and severe, while another may consider it moderately likely and less severe. It’s up to your organisation to determine how to define the measurement of the level of risk, and this will impact how you measure and analyse risks.

iso 31000 risk assessment

Clause 6.4.4 Risk Evaluation

The final stage in the risk assessment process is risk evaluation. The idea behind evaluation is to allow an organisation to make decisions regarding risk treatment and the prioritising of risk mitigation with ease.

Risk evaluation takes the risk criteria and measures against the risk analysis to determine:

Effectiveness of criteria definition
Which risks are the highest priority
How to approach the next steps (risk treatment)
Success of risk analysis process (are there any knowledge gaps remaining?)

The outcome of a risk evaluation could result in several actions: you will either need to assign further analysis, maintain your existing controls, or reconsider the objectives of the risk strategy in alignment with the organisation’s objectives.

Regular evaluation allows you to develop a comprehensive and mature risk management strategy, as changes to risk factors, impact, consequence, and objectives can be addressed in a reasonable time frame.

Now that you know how to carry out a risk assessment, find out how one of our customers improved their CA/PA risk assessment process with our software.

CONNECT WITH US

Solutions

AUDIT & RISK
External Audit
Internal Audit
Risk Management

DOCUMENT COLLABORATION
Huddle
Mail Manager
OnePlace Solutions
PleaseReview

E-LEARNING & CONTENT
CompliSpace
WorkRite

ENVIRONMENTAL, HEALTH & SAFETY
EHS

QUALITY
Coruson
Quality Control
Quality Management
Smartforms

USEFUL LINKS

Sustainability report

CONNECT WITH US

Privacy policy Terms of use Data protection policy Environmental policy Sexual harassment policy Slavery and human trafficking statement