New Reduced price! BS 31100:2021 View larger

BS 31100:2021

M00002768

New product

BS 31100:2021 Risk management. Code of practice and guidance for the implementation of BS ISO 31000:2018

standard by BSI Group, 11/19/2021

Full Description

This British Standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2018 for developing a risk management framework and associated processes. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, to enhance the organization's likelihood of achieving its objectives.

All current amendments available at time of purchase are included with the purchase of this document.

More details

In stock

$121.82

-56%

$276.86

More info

BS 31100:2021

BS 31100:2021


Risk management — Code of practice and guidance for the implementation of BS ISO 31000:2018



Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.

© The British Standards Institution 2021 Published by BSI Standards Limited 2021 ISBN 978 0 539 16219 6

ICS 03.100.01

The following BSI references relate to the work on this document: Committee reference RM/1

Draft for comment 21/30430517 DC


Amendments/corrigenda issued since publication


Date

Text affected


© THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED



Contents Page


Foreword ii

Introduction 1


1

Scope

1

2

Normative references

1

3

Terms and definitions

2

4

Risk management principles

3

4.1

Value creation and protection

3

Figure 1 — Risk management principles

4

4.2

Integrated

4

4.3

Structured and comprehensive

4

4.4

Customized

5

4.5

Inclusive

5

4.6

Dynamic

5

4.7

Best available information

5

4.8

Human and cultural factors

6

4.9

Continual improvement

6

5

Risk management framework

7

5.1

General

7

Figure 2 — Risk management framework

8

5.2

Leadership and commitment

9

5.3

Integration

9

5.4

Design

10

5.5

Implementation

12

5.6

Evaluation

12

5.7

Improvement

12

6

Risk management process

13

6.1

General

13

Figure 3 — Risk management process

13

6.2

Relationship between risk management process and risk management framework

13

6.3

Communication and consultation

15

6.4

Scope, context and criteria

16

6.5

Risk assessment

18

Figure 4 — Risk criteria to determine where additional action is required

20

6.6

Risk treatment

20

6.7

Monitoring and review

22

6.8

Recording and reporting

23

Annex A

(informative) Emerging risk

25

Annex B

(informative) Risk tools

27

Figure B.1 — Application of techniques in the BS ISO 31000 risk management process

28

Annex C

(informative) Assessing progress and risk maturity

29

Table C.1 — Questions to prompt discussion based on key elements of the standard

30

Table C.2 — Questions for the selection of a risk maturity model

32

Bibliography

33


Summary of pages

This document comprises a front cover, an inside front cover, pages I to IV, pages 1 to 33, an inside back cover and a back cover.



© THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED I



Foreword

Publishing information

This British Standard is published by BSI Standards Limited, under licence from The British Standards Institution, and came into effect on 30 November 2021. It was prepared by Technical Committee RM/1, Risk management. A list of organizations represented on this committee can be obtained on request to the committee manager.

Supersession

This British Standard supersedes BS 31100:2011, which is withdrawn.


Information about this document

Copyright is claimed on Figure 1, Figure 2 and Figure 3. Copyright holders are the International Organization for Standardization (ISO), Chemin de Blandonnet 8, CP 401, 1214 Vernier, Geneva, Switzerland. Copyright is claimed on Figure B.1. Copyright holders are the International Electrotechnical Commission (IEC), 3 rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland.

BSI thanks the ISO and IEC for permission to reproduce information from their standards. All such extracts are copyright of the ISO and IEC. All rights reserved. The ISO and IEC have no responsibility for the placement and context in which the extracts and contents are reproduced, nor are ISO or IEC in any way responsible for the other content or accuracy therein.

Further information on the ISO and the IEC is available from www.iso.org and www.iec.ch respectively.

This publication can be withdrawn, revised, partially superseded or superseded. Information regarding the status of this publication can be found in the Standards Catalogue on the BSI website at bsigroup.com/standards, or by contacting the Customer Services team.

Where websites and webpages have been cited, they are provided for ease of reference and are correct at the time of publication. The location of a webpage or website, or its contents, cannot be guaranteed.

Use of this document

As a code of practice, this British Standard takes the form of recommendations and guidance. It is not to be quoted as if it were a specification. Users are expected to ensure that claims of compliance are not misleading.

Users may substitute any of the recommendations in this British Standard with practices of equivalent or better outcome. Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions

The provisions of this standard are presented in roman (i.e. upright) type. Its recommendations are expressed in sentences in which the principal auxiliary verb is “should”.

Commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element.

Where words have alternative spellings, the preferred spelling of the Shorter Oxford English Dictionary is used (e.g. “organization” rather than “organisation”).


II © THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED

Contractual and legal considerations

This publication has been prepared in good faith, however no representation, warranty, assurance or undertaking (express or implied) is or will be made, and no responsibility or liability is or will be accepted by BSI in relation to the adequacy, accuracy, completeness or reasonableness of this publication. All and any such responsibility and liability is expressly disclaimed to the full extent permitted by the law.

This publication is provided as is, and is to be used at the recipient’s own risk.

The recipient is advised to consider seeking professional guidance with respect to its use of this publication.

This publication is not intended to constitute a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.


© THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED III

BRITISH STANDARD BS 31100:2021



Introduction

Organizations of all types and sizes face a range of risks affecting the achievement of their objectives. While “risk” is commonly regarded as negative, risk management is as much about exploiting potential opportunities as preventing potential threats. It is important to bear this in mind whenever managing risk, and in reading this document.

Effective risk management continuously, systematically and proportionally addresses the known risks surrounding the organization’s activities. It cannot be separated from the culture of the organization. Risk management comprises a framework and process(es) based upon eight core principles as described in BS ISO 31000:2018. This British Standard has been revised to align with BS ISO 31000:2018 and to add supplementary material (examples, concepts).

These are intended to help an organization to manage uncertainty in an effective, efficient and systematic way from strategic, programme, project and operational perspectives, as well as to support continual improvement. Risk management applies at all levels of an organization and to all activities.

Risk management is part of good management and organizations that manage risk well are more likely to achieve their objectives.



  1. Scope

    This British Standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2018 for developing a risk management framework and associated processes. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, to enhance the organization’s likelihood of achieving its objectives.

    This British Standard is intended for use by anyone with responsibility for, or who is involved in, any of the following:

    1. ensuring an organization achieves its objectives and enhances decision-making;

    2. ensuring risks are proactively managed in specific areas or activities;

    3. overseeing risk management in an organization;

    4. providing assurance about the effectiveness of an organization’s risk management; and/or

    5. reporting to stakeholders.



  2. Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes provisions of this document1). For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

BS ISO 31000:2018, Risk management – Guidelines



1) Documents that are referred to solely in an informative manner are listed in the Bibliography.


© THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED 1