ISO 31000: Risk management communication
The ISO 31000 framework is designed to provide a consistent and structured approach to risk management communication, and this includes how to communicate key information to relevant stakeholders.
This is part six in our series on ISO 31000, looking at the importance of communication in risk management and what clause 6.2 requires from your organisation.
Management involved in the development of the risk management and communication strategy need to consult internal and external stakeholders throughout the creation and implementation of the framework. It is like any other business development strategy: it will only be effective if the right elements are communicated to the right people, at the right time.
Feedback can be gathered from stakeholders to ensure an appropriate strategy is put in place using the ISO 31000 framework. Leadership should be confident in their decision-making process and be ready to provide a rationale for decisions made regarding the risk strategy.
It is vital to emphasise the importance of communication in risk management, as without it, you will not be able to progress as a business.
Clause 6.2: Gather Expertise
The design behind Clause 6.2 in the ISO 31000 framework is to bring together a range of areas of expertise in order to deliver a comprehensive risk strategy. This approach reflects the requirement of many other Standards, such as ISO 9001:2015, which state that risk and quality improvement are the responsibility of every individual rather than just a dedicated team.
To create a sense of inclusion, understanding, and continuous improvement, it is suggested under ISO 31000 that management communicate regularly with key stakeholders throughout the risk management strategy development. This also facilitates a risk-aware culture, improving alignment with business goals and objectives, as individuals become aware of their role within day-to-day risk management.
Communication Tips
It is suggested that organisations using the ISO 31000 framework for their risk strategy follow the below points:
- Information should be presented in a timely, accurate, and factual way
- Key stakeholders should be communicated to at each step of the risk management process
- Information should be delivered in accordance with internal policy, confidentiality, respect to individuals’ private data, and maintain the integrity of sensitive information
- Communication is two-way: feedback from stakeholders is essential during the Evaluation stage of the ISO 31000 framework
Watch our Admiral video case study to find out more about importance of risk management communication.