Checklist – ISO 31000 Risk Management Checklist

This ISO 31000 risk management readiness checklist can help you find gaps and build your organization’s risk management system to be on par with the ISO 31000 standard.

Plan the establishment of your Risk Management Framework

1.1 Ask stakeholders to support setting up a framework.

1.2 Ask top management to support setting up a framework.

1.3 Assess your existing risk management practices and processes.

1.4 Identify gaps in your risk management practices and processes.

1.5 Establish a framework that meets the unique needs of your organization.

1.6 Establish a framework that fills the gaps in existing practices and processes.

1.7 Consider how you intend to develop your risk management framework.

1.8 Consider how you will design your risk management framework.

1.9 Consider how you will fill in the gaps in your existing practices and procedures.

1.10 Consider how you are going to make risk management part of your organization.

1.11 Consider how you will integrate risk management into all important activities.

1.12 Consider how you will incorporate risk management into all decision-making activities.

1.13 Consider how you will integrate risk management across all important functions.

1.14 Consider how you will embed risk management across all governance functions.

1.15 Consider how you are going to implement your risk management framework.

1.16 Consider how you will assess your risk management framework.

1.17 Consider how you are going to improve your risk management framework.

Show leadership by committing to risk management

2.1 Ask your leaders to support a risk management framework.

2.2 Ask your leaders to commit to risk management.

2.3 Request control bodies to commit to risk management.

2.4 Request control bodies to align risk management with the organization’s strategy.

2.5 Request control bodies to align risk management with the organization’s culture.

2.6 Request control bodies to align risk management with the organization’s objectives.

2.7 Request control bodies to align risk management with the organization’s obligations.

2.8 Request control bodies to align risk management with voluntary commitments.

2.9 Request control bodies to be accountable for the supervision of risk management.

2.10 Ask them to make sure the risks are understood throughout the organization.

2.11 Ask them to ensure risks are communicated throughout the organization.

2.12 Ask them to ensure risk management methods are communicated.

2.13 Ask them to ensure that risk management is integrated into all activities.

2.14 Ask them to ensure risk management systems are in place.

2.15 Ask them to ensure that risk management systems are working effectively.

2.16 Ask them to make sure risk is properly assessed when setting goals.

2.17 Ask them to ensure that risk is properly managed in achieving goals.

2.18 Request control bodies to communicate the value of risk management.

2.19 Ask them to communicate the value of risk management to the organization.

2.20 Ask them to communicate the value of risk management to stakeholders.

2.21 Ask top management to commit to risk management.

2.22 Ask senior management to align risk management with the organization’s strategy.

2.23 Ask senior management to align risk management with the organization’s culture.

2.24 Ask senior management to align risk management with the organization’s goals.

2.25 Ask senior management to align risk management with the organization’s obligations.

2.26 Ask senior management to align risk management with voluntary commitments.

2.27 Ask senior management to ensure that appropriate risk criteria are developed.

2.28 Ask them to ensure that the risk criteria are communicated throughout the organization.

2.29 Ask them to ensure that the risk criteria are communicated to all relevant stakeholders.

2.30 Ask them to ensure that the risk criteria are communicated to all relevant stakeholders.

2.31 Ask managers to communicate the value of risk management to the organization.

2.32 Ask managers to communicate the value of risk management to stakeholders.

2.33 Ask senior management to be responsible for risk management.

2.34 Ask them to ensure that risk management is integrated into all activities.

2.35 Ask senior management to control the unique risks your organization faces.

2.36 Ask top management to encourage staff to systematically control risks.

2.37 Ask your leaders to establish a risk management framework.

2.38 Ask them to develop a framework that meets the needs of the organization.

2.39 Ask them to prepare a general risk management policy statement.

2.40 Ask them to define their general approach to risk management.

2.41 Ask them to prepare an overall risk management action plan.

2.42 Ask them to hold people accountable for risk management.

2.43 Ask them to assign risk management responsibilities.

2.44 Ask them to assign responsibilities at all appropriate levels.

2.45 Ask them to delegate risk management authorities.

2.46 Ask them to delegate authorities at all appropriate levels.

2.47 Ask them to allocate all necessary resources for risk management.

2.48 Ask them to monitor the implementation of your risk management framework.

2.49 Ask them to make sure it remains appropriate to the context of the organization.

Hold your organization's staff accountable for risk management

3.1 Make risk management an integral part of your organization’s culture.

3.2 Ask everyone in your organization to be responsible for managing risk.

3.3 Ask your governance staff to be responsible for managing risk.

3.4 Ask them to be responsible for making risk management part of governance.

3.5 Ask them to take responsibility for making it part of the organization’s purpose.

3.6 Ask them to take it upon themselves to make it part of the organization’s strategy.

3.7 Ask them to take it upon themselves to make risk management part of management.

3.8 Ask them to take it upon themselves to make risk management part of management.

3.9 Ask them to hold management accountable for implementing risk management.

3.10 Ask your management staff to take responsibility for managing the risk.

3.11 Ask them to take it upon themselves to make risk management part of management.

3.12 Ask them to make risk management part of the functions of the organization.

3.13 Ask them to make risk management part of the organization’s policies.

3.14 Ask them to make risk management part of the organization’s goals.

3.15 Ask them to make risk management part of the organization’s operations.

3.16 Ask them to make risk management part of the organization’s processes.

3.17 Ask them to make risk management part of the organization’s practices.

3.18 Ask them to make risk management part of the organization’s rules.

3.19 Ask your base staff to be responsible for managing risk.

3.20 Use iterative methods to embed risk management in your organization.

3.21 Make sure your iterative methods meet the needs of your organization.

3.22 Make sure your organization’s methods are compatible with your culture.

Design your organization's unique risk management framework

4.1 Consider the context of your organization when designing your framework.

4.2 Examine and understand the external context of your organization.

4.3 Take external influences into account during framework design.

4.4 Consider external stakeholders during framework design.

4.5 Examine and understand the needs of external stakeholders.

4.6 Examine and understand the values of external stakeholders.

4.7 Examine and understand the perceptions of external stakeholders.

4.8 Examine and understand the expectations of external stakeholders.

4.9 Examine and understand relationships with external stakeholders.

Comments

 

Name and Signature