
12.13: Risk Management Standards

There are a number of risk management standards designed to consolidate best practice principles and help to streamline and improve risk management implementations for businesses. Another factor driving the standardization of risk management frameworks has been the increased scrutiny that organizations must face with regard to their risk management systems. Risk management systems are often required to stand up to rigorous internal audits and assessments in order to prove that they are effective in their implementation and that they are in line with company goals and objectives.

The family of risk management standards defined by ISO 31000 is one such example of a leading international standardization of a risk management approach.[1]

ISO refers to the International Organization for Standardization; the 31000 portion refers to a family of standards for risk management. As well as being an umbrella term for a group of related standards, ISO 31000 also refers to a single standard, specifically known as ISO 31000:2018. This standard defines a set of guidelines for managing risk, designed to be used by organizations of any size, working in any area, to implement effective risk management systems. Unlike many other ISO standards, such as 9001 for quality management or 14001 for environmental management, ISO 31000 is a set of guidelines rather than a set of requirements. That means you can’t get an ISO 31000 certification in the same way you could for other standards with specific, auditable requirements. Nonetheless, ISO 31000 is a leading framework for organizations seeking to identify, assess, and manage risk with the intention of improving decision-making, governance, and performance.[2]

There are several standards organizations and committees that have developed risk management frameworks, guidance, and approaches that business teams can leverage and adapt for their own company.[3]

Some of the more popular risk management frameworks include:

  • ISO 31000 Family: The International Organization for Standardization’s guidance on risk management is broad and adaptable to various sectors and industries.
  • NIST Risk Management Framework (RMF): The National Institute of Standards and Technology has released risk management guidance compatible with their Cybersecurity Framework (CSF).
  • COSO Enterprise Risk Management (ERM): The Committee of Sponsoring Organizations’ enterprise risk management guidance. COSO ERM is highly strategic and focuses on aligning risk with organizational objectives.
  • PMBOK and RIMS are more suited for project and insurance-related risks, respectively.
  • FERMA and BS 31100 are more region-specific but still provide valuable guidelines for broader risk management practices.
  • The AIRMIC/IRM/ALARM Risk Management Standard is widely used in the UK to manage risks.

Each of these frameworks provides valuable insights and methods for organizations to manage risks effectively, but the choice of framework depends on the organization’s industry, structure, and specific risk management needs.


CAREER SPOTLIGHT

Katarina Borg


Katarina is a Senior Financial Lines Underwriter with extensive experience in underwriting directors’ and officers’ liability, employment practices liability, fiduciary liability, and crime insurance.

Katarina’s job requires proficiency in analyzing financial statements to assess company stability and evaluate risk profiles, ensuring that underwriting decisions align with guidelines and standards. She manages a diverse portfolio of businesses, leveraging strong relationship management skills to build trust, negotiate effectively, and secure commitments with high-profile clients. She collaborates closely with the claims team to assess coverage, address claims, and navigate resolution processes. She often provides guidance to other underwriters, assisting with complex cases and ensuring that underwriting decisions align with best practices. She strives for excellence in risk assessment, client relationships, and underwriting strategy in the evolving financial lines insurance landscape.

“Effective risk management isn’t about avoiding risk; it’s about understanding, anticipating, and strategically navigating it to create challenges into opportunities.”

Attribution: Photograph and text © Katarina Borg. Used under a Creative Commons Attribution-NonCommercial-NoDerivatives License.



License


Understanding Business Copyright © 2025 by Conestoga College is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.