ISO 31000: Understanding the organisation and its context
As part of ISO 31000, leadership needs to demonstrate an understanding of the organisation and its context with regard to internal and external influences.
Being able to demonstrate the context of the organisation helps a business to align its risk management strategy with its overall risk appetite and risk tolerance, so that it can pursue a competitive edge without compromising business continuity.
The following information highlights the internal and external context for risk management, following on from our previous blog on the principles of risk management in relation to ISO 31000.
Considering PESTLE – Your external contributors to risk
The common external factors to consider when understanding the context of the organisation can be grouped using the PESTLE acronym:
- Political
- Economic
- Social
- Technological
- Legal
- Environmental
There are, of course, further factors which will influence an organisation's risk profile, but these six are relevant to all businesses.
For each element of the PESTLE acronym, it is important to consider trends, external stakeholder relationships and their impact, drivers affecting the organisation's objectives, and contractual relationships and agreements.
Assessment of internal context
Understanding the internal context could include the mission, vision and values, and the alignment of strategic goals and objectives. You should also be looking at standards or regulations the organisation has voluntarily adopted (those required by legislation fall under the external context) and the impact of available resources.
Internal context can also cover:
- Complexity of networks
- Knowledge resource, sharing, and management
- Contractual agreements and internal dependencies
- Information systems, including technological resources and dependencies on them
Once leaders have recognised the external and internal factors which may affect risk, it is up to them to use this information, the context of the organisation, to assess the likelihood and severity of the risks that arise within these parameters.
Once the context is defined, an organisation working to the ISO 31000 framework should, as part of its risk management strategy, communicate these definitions and this shared understanding to key stakeholders.
Build on your knowledge of understanding the organisation and its context with our quality management software.