ISO 31000

ISO 31000

International Standard Providing Guidelines on Risk Management

  • We have achieved improved dependability as well as standardization in our processes to assure measurement consistency and the required monitoring to verify conformity in our products. This adds enhanced safety and quality to our customers.
    Helton Calaça – SPC Technical Support    		      
    Mitsubishi Motors
  • SoftExpert Solution has streamlined data sharing for our quality system and has contributed to reducing impacts on the environment through doing away with the need for storing piles of original and obsolete paper documents for auditing purposes.
    Solange Amaral – Human Resource Analyst    		      
    Carrier
  • SE Document has provided the means to streamline our document control, through excellent drilldown options for searching and registering documents, a systematic workflow
    tool for sending pending tasks to system users, as well as really cutting down on the need for printed copies.
    Ângela Fischer    		      
    CTA-Continental
  • SE Document manages ISO standardization documentation to facilitate compliance, as well as all other document types. The workflow system provides great distribution copy control, approval, revision, printed copies, and document retrieval search capabilities. Currently, there are over 1,100 users and 3,500 registered documents.
    Carla Regina Schmitt    		      
    Universal Leaf Tabacos
  • SE Document completely meets our document control requirements, facilitates retrieval, and manages the entire document revision process.
    Janaina Salatti – Quality Supervisor    		      
    Group Roullier
  • The SE Project was implemented quickly and the time required for the adoption of the solution by the users was quite natural, considering that the pharmaceutical segment is legally required to work with reliable and secure records that guarantee the quality of products and do not represent risks to the population.
    Randel Moreira – IT Manager    		      
    Laboratório Globo
  • Our productivity and reliability increased greatly. The software helped us to meet the ISO/TS 16949 standard requirements, providing security in the daily routine of the Engineering area and auditing, while easily proving full compliance with the standard and customer requirements.
    Jeferson R. F. dos Santos – MENFUND Unit Manager    		      
    Menegotti
  • Online access to wherever we offer services ensures us speedy responses, through reliable and updated information, which, in turn, facilitates decision making and customer satisfaction.
    José Andrade – Opetrec Manager    		      
    Opetrec
  • The implementation of SE Action streamlined our continuous improvement process for managing actions, especially through the workflow functionality. This facilitates the verification of occurrence causes and drafting correction actions.
    Gustavo Martins – Quality Department Assistant    		      
    Coca-Cola
  • The SoftExpert facilitates and speeds up activities, and the system was considered highly suitable for the renewal of ISO/TS 16949 and ISO 14001.
    Cristina Pereira – Gerente adjunta de Informática    		      
    Coindu

  • Organizations of all types and sizes are facing a range of risks that can affect the achievement of their objectives. These objectives can relate to a range of the organization's activities, from strategic initiatives to its operations, processes and projects, and be reflected in terms of strategic, operational, financial and reputational outcomes and impacts.

    All activities of an organization involve risks. Risk management aids decision making by taking account of uncertainty and its effect on achieving objectives and assessing the need for any actions.

    Organizations of all types and sizes are facing a range of risks that can affect the achievement of their objectives. These objectives can relate to a range of the organization's activities, from strategic initiatives to its operations, processes and projects, and be reflected in terms of strategic, operational, financial and reputational outcomes and impacts.

    All activities of an organization involve risks. Risk management aids decision making by taking account of uncertainty and its effect on achieving objectives and assessing the need for any actions.

    The ISO 31000 Standard offers generic orientations for risk management. ISO 31000 sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size. It does not mandate a one-size-fits-all approach, but emphasizes tailoring the principles and guidelines to the specific needs and structure of the organization.

    The risk management process contained in ISO 31000 follows the well worn lead set by the Australian and New Zealand standard AS/NZS 4360, which consists of:

    • Communication and consultation
    • Establishing the context
    • Risk assessment consisting of  the three steps of identification, analysis and evaluation
    • Risk treatment
    • Monitoring and review

    Back to top      Close

    • Benefits

    When implemented and maintained in accordance with ISO 31000 International Standard, risk management enables an organization to, for example:

    • Encourage proactive rather than reactive management
    • Be aware of the need to identify and treat risk throughout the organization
    • Improve identification of opportunities and threats
    • Comply with relevant legal and regulatory requirements and international norms
    • Improve financial reporting
    • Improve corporate governance
    • Improve stakeholder confidence and trust
    • Establish a reliable basis for decision making and planning
    • Improve controls
    • Effectively allocate and use resources for risk treatment
    • Improve operational effectiveness and efficiency
    • Improve incident management and prevention
    • Minimize loss

    The application of risk management approach described in ISO 31000 International Standard helps to ensure that specifically criteria for a certain segment is identified and applied.

     

    The Challenge

  • The problems and challenges associated with the ISO 31000 Standard are directly associated with its main principles and are listed below:

    • Creating value
    • Being an integral part of organizational processes
    • Being part of decision making
    • Being systematic, structured and timely
    • Being based on the best available information
    • Being tailored.
    • Taking human and cultural factors into account
    • Being transparent and inclusive
    • Being dynamic, iterative and responsive to change
    • Facilitating continual improvement and enhancement of the organization

    The problems and challenges associated with the ISO 31000 Standard are directly associated with its main principles and are listed below:

    • Creating value
    • Being an integral part of organizational processes
    • Being part of decision making
    • Being systematic, structured and timely
    • Being based on the best available information
    • Being tailored.
    • Taking human and cultural factors into account
    • Being transparent and inclusive
    • Being dynamic, iterative and responsive to change
    • Facilitating continual improvement and enhancement of the organization

    The greatest challenge faced by ISO 31000 lied in establishing a common terminology, as well as standardizing best practices and frameworks so that organizations could implement risk management practices in their processes.

    The SoftExpert Excellence Suite offers tools for the complete management of the organization’s risks in compliance with the ISO 31000 International Standard while also meeting the specific needs of each application. All of this in a collaborative and integrated environment that guarantees the standardization and correct use of information to obtain excellence in risk management.

    Back to top      Close

Back to top

Each SoftExpert component addresses key compliance issues as shown below:

Module IS0 31000 Requirements
SE Document
SE Document
  • Maintains the documentation generated during the ISO 31000 process – including risk management policy – secure and centralized so that it can be accessed by users and auditors practically anywhere.
  • Automates forwarding, revision and approval, among other activities, boosting the team’s efficiency.
  • Allows changes to be easily traced.
  • Provides external auditors the means to recover and locate documents easily and quickly, saving time.
  • Guarantees that the history of conformities, revisions, etc., is always available.
  • Guarantees that only the latest version of the document is used, avoiding the use of obsolete documents.
SE Process
SE Process
  • Guarantees that the processes that will undergo risk evaluation are defined, planned and documented.
  • Guarantees that the processes are monitored and controlled.
  • Guarantees traceability.
SE Risk
SE Risk
  • Manages business and operational risks.
  • Facilitates the identification of process, project, product and asset risks, among others.
  • Allows the elaboration of risk evaluation methods based on quantitative, qualitative and matrix criteria, providing evidence for the organization’s appetite for risk.
  • Automates the application of risk evaluations.
  • Facilitates the identification and evaluation of risk-related controls.
  • Determines the residual evaluation risk, identifying the treatment options and their application.
  • Ensures the continuous monitoring and revision of the risk management
SE Project
SE Project
  • Guarantees that the projects to undergo risk evaluation are defined, planned and documented.
  • Operationalizes the treatments applied to risks.
  • Guarantees the distribution and execution of activities, managing the effort and deadline of the same.
  • Guarantees that the history of each project is always available.
  • Allows the evaluation of the implemented project and full communication with stakeholders.
SE Action Plan
 SE Action Plan
  • Helps organizations effectively coordinate and manage the entire workflow by maintaining team communication and improving collaboration through the centralized control of action plan and task planning, execution and monitoring, including corrective, preventive or predictive actions.
SE Audit
 SE Audit
  • Programs audits, taking into consideration the scope, status and importance of the processes and/or areas to be audited.
  • Defines criteria, methods, responsibilities and requirements to be audited.
SE BI
 SE BI
  • Provides status with standard one-click reports.
  • Creates custom reports.
  • Helps identify, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the management system.
SE Portfolio
 SE Portfolio
  • Guarantees that the projects to undergo risk evaluation are defined, planned and documented.
  • Operationalizes the treatments applied to risks.
  • Guarantees the distribution and execution of activities, managing the effort and deadline of the same.
  • Guarantees that the history of each project is always available.
  • Allows the evaluation of the implemented project and full communication with stakeholders.

Back to top

 ?>
Download Center
Select materials of interest and click Download