Risk Factors
· Probability of occurrence
· Range of possible outcomes (impact and stake)
· Expected timing of event
· Anticipated frequency of risk events
Risk Severity – Level of criticality
Risk Tolerance – The amount of acceptable risk
Scope baseline – Approved project scope used during scope change management to prevent scope creep
Risk Averse – Conservative and unwilling to take risks
ISO 31000
ISO 31000 can be applied to existing legacy management practices to formalise and improve risk management processes. When implementing ISO 31000, attention should be given to integrating existing risk management processes into the new paradigm addressed in the standard. The main focus of ISO 31000 is the harmonisation of programmes, aiming at:
· Transferring accountability gaps in the context of enterprise risk management
· Aligning objectives of the governance framework (as part of the standard)
· Embedding management system reporting mechanisms
· Creating standardisation of risk criteria and evaluation metrics
KEY ISO PRINCIPLES
The main ISO principles identified for risk management as an ongoing process include:
· being a systematic and structured process
· being dynamic, iterative and responsive to change
· being open to continuous improvement and enhancement
· being an integral part of the organisational decision-making process
· being based on the best available and dependable information