• SOLUTIONS
    • Quality

      QUALITY

      Quality management solution

      Embed quality throughout your business processes by aligning and centralising all key functions to elevate your organisation to its full potential.

      Find out more

      CASE STUDY

      JAE Oregon take ownership of ISO 9001 and 14001 compliance activities.

      BUSINESS NEEDS

      • APQP
      • ISO & Certifications
      • CAPA management
      • First article inspection report
      • Product part approval process
      • Quality management
      • Supplier management
      • Document management
      • Quality control

      INDUSTRIES

      • Aerospace and defence
      • Life science
      • Manufacturing
      • Healthcare
      • Food and drink
      • Pharmaceuticals
    • Health, safety and environmental

      HEALTH, SAFETY AND ENVIRONMENTAL

      Health, safety and environmental management solutions

      Reduce risk, protect your people and drive sustainability, efficiently and effectively

      Find out more

      CASE STUDY

      News Corp streamline essential workplace training to suit everyone.

      BUSINESS NEEDS

      • Safety management
      • Incident management
      • Health and safety training solution
      • Enviromental

      INDUSTRIES

      • Food and drink
      • Energy
      • Transport and logistics
      • Aviation
    • Audit and risk

      AUDIT AND RISK

      Audit and risk management solutions

      Our powerful audit and risk management solutions help you protect your business, its customers and your corporate clients.

      Find out more

      CASE STUDY

      Cadence Bank integrate audit and risk to create a more powerful system.

      BUSINESS NEEDS

      • Internal audit
      • Risk management
      • External audit tools

      INDUSTRIES

      • Finance
      • Government
      • Education
    • Collaboration

      COLLABORATION

      Collaboration solution

      Bring your people, content and actions together with highly secure, cloud-based collaboration solutions.

      Find out more

      CASE STUDY

      Altera meet CMMI best practices with better control and efficiency.

      BUSINESS NEEDS

      • Bids and proposals
      • Document redaction
      • Document co-authoring and review

      INDUSTRIES

      • Aerospace and defence
      • Life Sciences and pharmaceuticals
      • AEC
    • PRODUCTS
    • Q-Pulse QMS
    • Q-Pulse PM
    • Q-Pulse WorkRite
    • Q-Pulse Law
    • Pentana Audit
    • Pentana Disclose
    • Pentana Risk
    • PleaseReview
    • Coruson
    • Ideagen Academy
    • Huddle
    • Qualtrax
    • InspectionXpert
    • Mi-Co
    • CompliSpace
    • OpsBase
    • Audit Analytics
    • Mail Manager
    • CompliancePath

    FEATURED RESOURCES

    CASE STUDY

    Q-Pulse enabled Anthony Nolan to meet a range of regulations and stay compliant.

    • INDUSTRIES
    • Aerospace and defence
    • Aviation
    • Energy
    • Financial services
    • Healthcare
    • Life science
    • Manufacturing
    • Pharmaceuticals
    • Transport & logistics
    • Food & drinks
    • AEC
    • Government

    FEATURED RESOURCES

    CASE STUDY

    Mettle Ops achieve AS9100 compliance with zero non-conformances.

    CASE STUDY

    NWDC drastically reduces time spent on creating documents.

    • RESOURCES
    • By Industry

      BY INDUSTRY

      • Aerospace and defence
      • Aviation
      • Energy
      • Financial services
      • Healthcare
      • Life science
      • Manufacturing
      • Rail

      FEATURED RESOURCES

      WHITEPAPER

      Manage anti-money laundering regulations in the UK and EU.

      CASE STUDY

      Nuffield Health establish a central database for pathology compliance activities.

    • By Solution

      BY SOLUTION

      • Quality
      • Safety
      • Environmental
      • Regulatory
      • Documents
      • Audit
      • Risk

      FEATURED RESOURCES

      WHITEPAPER

      Manage anti-money laundering regulations in the UK and EU.

      CASE STUDY

      Nuffield Health establish a central database for pathology compliance activities.

    • By Product

      BY PRODUCT

      • Q-Pulse QMS
      • Q-Pulse Law
      • Q-Pulse WorkRite
      • Q-Pulse PM
      • Pentana Audit
      • Pentana Disclose
      • Pentana Risk
      • Pleasereview
      • Coruson
      • Ideagen Academy

      FEATURED RESOURCES

      WHITEPAPER

      Manage anti-money laundering regulations in the UK and EU.

      CASE STUDY

      Nuffield Health establish a central database for pathology compliance activities.

    • By Resource Type

      BY RESOURCE TYPE

      • Brochures
      • Case studies
      • Flyers
      • Blog
      • White papers

      FEATURED RESOURCES

      WHITEPAPER

      Manage anti-money laundering regulations in the UK and EU.

      CASE STUDY

      Nuffield Health establish a central database for pathology compliance activities.

    View All Resources
    • COMPANY
    • About Us

      ABOUT US

      • Our company
      • Leadership team
      • Objectives
      • Strategy
      • Values
      • Our customer focus
      • Certifications
      • Investors

      FEATURED RESOURCES

      CAREERS

      We are recruiting! Take the next exciting step in your career

      VALUES

      We are ambitious - We are adventurous - We are community

    • Events and Updates

      EVENTS AND UPDATES

      • Events
      • News
      • Blogs

      FEATURED RESOURCES

      CAREERS

      We are recruiting! Take the next exciting step in your career

      VALUES

      We are ambitious - We are adventurous - We are community

    • Careers

      CAREERS

      • Careers overview
      • Current vacancies

        HIRING

      • Benefits
      • Apprenticeships
      • Meet our teams

      FEATURED RESOURCES

      CAREERS

      We are recruiting! Take the next exciting step in your career

      VALUES

      We are ambitious - We are adventurous - We are community

  • Contact Sales
Menu
  • Solutions
    • « Back
    • Solutions
    • Quality
      • « Back
      • Quality
      • Quality management solution

        Embed quality throughout your business processes by aligning and centralising all key functions to elevate your organisation to its full potential.

      • Find Out More

      APQP

      CAPA management

      ISO & Certifications

      First article inspection report

      Product part approval process

      Supplier management

      Quality Control

      Quality management

      Document management

      Aerospace and defence

      Life science

      Manufacturing

      Healthcare

      Food and drink

      Pharmaceuticals

      Contact us
    • Health, safety and environmental
      • « Back
      • Health, safety and environmental
      • Health, safety and environmental management solutions

        Reduce risk, protect your people and drive sustainability, efficiently and effectively

      • Find Out More

      Safety management

      Incident management

      Health and safety training solution

      Enviromental

      Food and drink

      Energy

      Transport and logistics

      Aviation

      Contact us
    • Audit & Risk
      • « Back
      • Audit & Risk
      • Audit and risk management solutions

        Our powerful audit and risk management solutions help you protect your business, its customers and your corporate clients.

      • Find out more

      Internal audit

      Risk software

      External audit software

      Finance

      Government

      Education

      Contact us
    • Collaboration
      • « Back
      • Collaboration
      • Collaboration solution

        Bring your people, content and actions together with highly secure, cloud-based collaboration solutions.

      • Find Out More

      Bids and proposals

      Document redaction

      Document co-authoring and review

      Aerospace and defence

      Life Science and Pharmaceuticals

      AEC

      Contact Us
    Contact us
  • Products
    • « Back
    • Products
    • Q-Pulse QMS

      Q-Pulse PM

      Q-Pulse WorkRite

      Q-Pulse Law

      Pentana Audit

      Pentana Disclose

      Pentana Risk

      PleaseReview

      Coruson

      Ideagen Academy

      Audit Analytics

      Mail Manager

      CompliancePath

      Huddle

      Qualtrax

      InspectionXpert

      Mi-Co

      CompliSpace

      OpsBase

    Contact Us
  • Industries
    • « Back
    • Industries
    • Aerospace and defence

      Aviation

      Energy

      Finance

      Healthcare

      Life science

      Manufacturing

      Pharmaceuticals

      Transport & logistics

      Food & drinks

      AEC

      Government

    Contact Us
  • Resources
    • « Back
    • Resources
    • By Industry
      • « Back
      • By Industry
      • Aerospace and defence

        Aviation

        Energy

        Financial services

        Healthcare

        Life science

        Manufacturing

        Rail

      • View all resources
      Contact us
    • By Solution
      • « Back
      • By Solution
      • Quality

        Safety

        Environmental

        Regulatory

        Documents

        Audit

        Risk

      • View all resources
      Contact us
    • By Product
      • « Back
      • By Product
      • Q-Pulse QMS

        Q-Pulse Law

        Q-Pulse WorkRite

        Q-Pulse PM

        Pentana Audit

        Pentana Disclose

        Pentana Risk

        Pleasereview

        Coruson

        Ideagen Academy

      • View all resources
      Contact us
    • By Resource Type
      • « Back
      • By Resource Type
      • Brochures

        Case studies

        Flyers

        Blog

        White papers

      • View all resources
      Contact us
    Contact us
  • Company
    • « Back
    • Company
    • About us
      • « Back
      • About us
      • Our company

        Leadership team

        Objectives

        Strategy

        Values

        Our customer focus

        Certifications

        Investors

      Contact us
    • Events and updates
      • « Back
      • Events and updates
      • Events

        News

        Blogs

      Contact us
    • Careers
      • « Back
      • Careers
      • Careers overview

        Current vacancies

        Benefits

        Apprenticeships

        Meet our teams

      Contact us
    Contact us
Contact Us
  • Home
  • Thought Leadership
  • Blog
  • ISO 31000: How to carry out a risk assessment

ISO 31000: How to carry out a risk assessment

26 April 2017

Image of 3 individuals analysing data
ISO 31000: How to carry out a risk assessment

Share this

Now that we’ve looked at different areas to consider when assessing your ISO 31000 risk management framework, let’s focus on how to carry out a risk assessment in the eighth installment of our ISO 31000 blog series.

Once the context of the organisation  and the scope of the risk management strategy are defined, the risk criteria  can then be identified and developed (Clause 6.3). These sets of criteria are designed to establish the way risks are recognised and recorded. From this information, we can determine how to carry out an ISO 31000 risk assessment.

The next step of the ISO 31000 framework is Clause 6.4. This is the overall process of identifying risks, analysis, and the evaluation of risk criteria effectiveness. The whole process is designed to be systematic, iterative, and collaborative so that a comprehensive and integrated risk management strategy is developed. At all stages of risk assessment, it is vital to communicate with and involve key internal and external stakeholders where required, to make the most of broad experience and knowledge to develop a strong strategy.

Clause 6.4.2: Risk Identification

The first step in ISO 31000 risk assessment is the identification stage. You are required to find, understand, and describe risks. Remember that a risk is considered as something that could hinder, prevent, or even help an organisation to achieve its strategic objectives.

During the risk identification stage, it is vital to use the latest information available. Factual, timely, and accurate data will enable you to develop the most relevant strategy. Factors to consider when identifying a potential risk to your organisation may include:

  • Tangible and intangible sources
  • Causes / events
  • Threats and opportunities (even positive risks need to be assessed)
  • Existing capabilities for handling risk, and any vulnerabilities
  • Contextual changes, such as alteration to an external factor
  • Resources available, the nature and value of such
  • The likelihood and consequences of a risk
  • The severity of a risk should it occur
  • Knowledge gaps (the known unknowns)
  • Time resources and allocation of risk management team
  • The bias, experiences, and assumptions of stakeholders involved in risk assessment

When identifying a risk, it’s important to note that there may be more than one outcome to a risk occurrence – and that this may impact upon further identified risks.

Clause 6.4.3: Risk Analysis

The risk analysis phase allows for decisions to be made regarding risk treatment, and to further identify and define the organisation's risk appetite. The risk type, level, and likelihood are all taken into consideration alongside detailed factors such as available resource and internal/external influences.

There may be multiple outcomes possible from one risk incident, and this may impact on further risks. The domino effect of a risk should also be considered within the context of the organisation’s objectives.

The techniques used to analyse risk are plenty and varied, and it is up to the organisation to define the ones used. Some of this is covered in Clause 6.3, as the context of the risk strategy includes the definition of risk criteria and measuring capabilities. You may choose to use a qualitative, semi-quantitative, or quantitative approach, or a combination of all three, in order to determine how to analyse risks.

Remember that risk is very subjective. While communication with key stakeholders at all stages of risk management strategy development and implementation is vital, an approach must be taken where bias is mitigated in some way. One person may perceive a risk as highly likely and severe, while another may consider it moderately likely and less severe. It’s up to your organisation to determine how to define the measurement of the level of risk, and this will impact how you measure and analyse risks.

iso 31000 risk assessment

Clause 6.4.4 Risk Evaluation

The final stage in the risk assessment process is risk evaluation. The idea behind evaluation is to allow an organisation to make decisions regarding risk treatment and the prioritising of risk mitigation with ease.

Risk evaluation takes the risk criteria and measures against the risk analysis to determine:

  • Effectiveness of criteria definition
  • Which risks are the highest priority
  • How to approach the next steps (risk treatment)
  • Success of risk analysis process (are there any knowledge gaps remaining?)

The outcome of a risk evaluation could result in several actions: you will either need to assign further analysis, maintain your existing controls, or reconsider the objectives of the risk strategy in alignment with the organisation’s objectives.

Regular evaluation allows you to develop a comprehensive and mature risk management strategy, as changes to risk factors, impact, consequence, and objectives can be addressed in a reasonable time frame.

Now that you know how to carry out a risk assessment, find out how one of our customers improved their CA/PA risk assessment process with our software. 

alexander-pavlovic.jpg
Written by

Alexander Pavlović

Alex produces targeted content to help Ideagen’s readers and customers navigate the complex world of quality, governance, risk and compliance.

Alex has worked with brands such as BT, Sodexo and Unilever and is passionate about helping businesses build a cohesive, collaborative culture of quality.

Find the best product for you

Use our product assistance tool and get recommendations based on your business needs.

My Business Need

This will help us identify the best software product for you.

Please select at least one business need

Tell Us More

Please share some further detail so we can refine your product recommendations.

Please select a type of risk
Previous
Solutions Quality Health, Safety & Environmental Audit & Risk Documents & Collaboration Company Leadership team Our objectives Strategy Investors Careers Vacancies We're hiring
Ideagen products Q-Pulse QMS Q-Pulse WorkRite Q-Pulse PM Q-Pulse Law Pentana Audit Pentana Disclose Pentana Risk PleaseReview Coruson Ideagen Academy Ideagen Academy CompliancePath Huddle Qualtrax Mi-Co InspectionXpert CompliSpace OpsBase Mail Manager Audit Analytics
Pentana Disclose Pentana Risk PleaseReview Coruson Ideagen Academy CompliancePath Huddle Qualtrax Mi-Co InspectionXpert CompliSpace OpsBase Mail Manager Audit Analytics
Company Leadership team Our objectives Strategy Investors Careers Vacancies We're hiring
Connect with us
© Ideagen Plc.
Privacy Policy Terms and conditions GDPR commitment Environmental policy Slavery and human traficking statement Sitemap