BS 31100:2021 Risk management. Code of practice and guidance for the implementation of BS ISO 31000:2018
standard by BSI Group, 11/19/2021
This British Standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2018 for developing a risk management framework and associated processes. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, to enhance the organization's likelihood of achieving its objectives.
Publishing and copyright information
The BSI copyright notice displayed in this document indicates when the document was last issued.
© The British Standards Institution 2021 Published by BSI Standards Limited 2021 ISBN 978 0 539 16219 6
ICS 03.100.01
The following BSI references relate to the work on this document: Committee reference RM/1
Draft for comment 21/30430517 DC
Amendments/corrigenda issued since publication
Date | Text affected
(none at time of publication)
© THE BRITISH STANDARDS INSTITUTION 2021 – ALL RIGHTS RESERVED
Contents | | Page
Foreword | | ii
Introduction | | 1
1 | Scope | 1
2 | Normative references | 1
3 | Terms and definitions | 2
4 | Risk management principles | 3
4.1 | Value creation and protection | 3
Figure 1 | Risk management principles | 4
4.2 | Integrated | 4
4.3 | Structured and comprehensive | 4
4.4 | Customized | 5
4.5 | Inclusive | 5
4.6 | Dynamic | 5
4.7 | Best available information | 5
4.8 | Human and cultural factors | 6
4.9 | Continual improvement | 6
5 | Risk management framework | 7
5.1 | General | 7
Figure 2 | Risk management framework | 8
5.2 | Leadership and commitment | 9
5.3 | Integration | 9
5.4 | Design | 10
5.5 | Implementation | 12
5.6 | Evaluation | 12
5.7 | Improvement | 12
6 | Risk management process | 13
6.1 | General | 13
Figure 3 | Risk management process | 13
6.2 | Relationship between risk management process and risk management framework | 13
6.3 | Communication and consultation | 15
6.4 | Scope, context and criteria | 16
6.5 | Risk assessment | 18
Figure 4 | Risk criteria to determine where additional action is required | 20
6.6 | Risk treatment | 20
6.7 | Monitoring and review | 22
6.8 | Recording and reporting | 23
Annex A (informative) | Emerging risk | 25
Annex B (informative) | Risk tools | 27
Figure B.1 | Application of techniques in the BS ISO 31000 risk management process | 28
Annex C (informative) | Assessing progress and risk maturity | 29
Table C.1 | Questions to prompt discussion based on key elements of the standard | 30
Table C.2 | Questions for the selection of a risk maturity model | 32
Bibliography | | 33
Summary of pages
This document comprises a front cover, an inside front cover, pages I to IV, pages 1 to 33, an inside back cover and a back cover.
Publishing information
This British Standard is published by BSI Standards Limited, under licence from The British Standards Institution, and came into effect on 30 November 2021. It was prepared by Technical Committee RM/1, Risk management. A list of organizations represented on this committee can be obtained on request to the committee manager.
Supersession
This British Standard supersedes BS 31100:2011, which is withdrawn.
Information about this document
Copyright is claimed on Figure 1, Figure 2 and Figure 3. The copyright holder is the International Organization for Standardization (ISO), Chemin de Blandonnet 8, CP 401, 1214 Vernier, Geneva, Switzerland. Copyright is claimed on Figure B.1. The copyright holder is the International Electrotechnical Commission (IEC), 3 rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland.
BSI thanks the ISO and IEC for permission to reproduce information from their standards. All such extracts are copyright of the ISO and IEC. All rights reserved. The ISO and IEC have no responsibility for the placement and context in which the extracts and contents are reproduced, nor are ISO or IEC in any way responsible for the other content or accuracy therein.
Further information on the ISO and the IEC is available from www.iso.org and www.iec.ch respectively.
This publication can be withdrawn, revised, partially superseded or superseded. Information regarding the status of this publication can be found in the Standards Catalogue on the BSI website at bsigroup.com/standards, or by contacting the Customer Services team.
Where websites and webpages have been cited, they are provided for ease of reference and are correct at the time of publication. The location of a webpage or website, or its contents, cannot be guaranteed.
Use of this document
As a code of practice, this British Standard takes the form of recommendations and guidance. It is not to be quoted as if it were a specification. Users are expected to ensure that claims of compliance are not misleading.
Users may substitute any of the recommendations in this British Standard with practices of equivalent or better outcome. Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.
Presentational conventions
The provisions of this standard are presented in roman (i.e. upright) type. Its recommendations are expressed in sentences in which the principal auxiliary verb is “should”.
Commentary, explanation and general informative material are presented in smaller italic type and do not constitute a normative element.
Where words have alternative spellings, the preferred spelling of the Shorter Oxford English Dictionary is used (e.g. “organization” rather than “organisation”).
Contractual and legal considerations
This publication has been prepared in good faith; however, no representation, warranty, assurance or undertaking (express or implied) is or will be made, and no responsibility or liability is or will be accepted by BSI in relation to the adequacy, accuracy, completeness or reasonableness of this publication. All and any such responsibility and liability is expressly disclaimed to the full extent permitted by law.
This publication is provided as is, and is to be used at the recipient’s own risk.
The recipient is advised to consider seeking professional guidance with respect to its use of this publication.
This publication is not intended to constitute a contract. Users are responsible for its correct application.
Compliance with a British Standard cannot confer immunity from legal obligations.
BRITISH STANDARD BS 31100:2021
Introduction
Organizations of all types and sizes face a range of risks affecting the achievement of their objectives. While “risk” is commonly regarded as negative, risk management is as much about exploiting potential opportunities as preventing potential threats. It is important to bear this in mind whenever managing risk, and in reading this document.
Effective risk management continuously, systematically and proportionately addresses the known risks surrounding the organization's activities. It cannot be separated from the culture of the organization. Risk management comprises a framework and process(es) based upon the eight core principles described in BS ISO 31000:2018. This British Standard has been revised to align with BS ISO 31000:2018 and to add supplementary material (examples, concepts).
These are intended to help an organization to manage uncertainty in an effective, efficient and systematic way from strategic, programme, project and operational perspectives, as well as to support continual improvement. Risk management applies at all levels of an organization and to all activities.
Risk management is part of good management and organizations that manage risk well are more likely to achieve their objectives.
1 Scope
This British Standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2018 for developing a risk management framework and associated processes. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, to enhance the organization's likelihood of achieving its objectives.
This British Standard is intended for use by anyone with responsibility for, or who is involved in, any of the following:
ensuring an organization achieves its objectives and enhances decision-making;
ensuring risks are proactively managed in specific areas or activities;
overseeing risk management in an organization;
providing assurance about the effectiveness of an organization’s risk management; and/or
reporting to stakeholders.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes provisions of this document.1) For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
BS ISO 31000:2018, Risk management – Guidelines
1) Documents that are referred to solely in an informative manner are listed in the Bibliography.