ISO 31000: Threats and opportunities are manageable for local government

imagesBy Ed Mallens

Risk management now has a usable reference what is useful for local government. In a brief and clearly written document, – NEN-ISO 31000 -, is explained what principles and guidelines are useful to identify, analyze and treat risks effectively. A generic description clarifies how risk management can be secured in an organization. NEN – ISO 31000 Risk management – Principles and Guidelines, is a useful document for employees, managers, and directors in public organizations. It’s a practical, easy to read document.


The risk management reference has found it’s anchorage in the NEN/ISO document. At the end of 2009 this document has been published for the audience and is usable in many different types of organizations, especially local governments.


There’s now a global generic reference available that specifies and clarifies the latest opinions and presents the definitions of the used terms. The document shows in the three core chapters the risk management proces, the risk management framework and the principles that make it possible to use risk management in reaching goals successfully.


Often is there some discussion about “risk” without clarifying the essence of the subject that is discussed. “Risk” is and was often used in many meanings and applications without specification. This frequently leads to a confusion of tongues.
Clear definitions are very important to describe the used terms. So it becomes very clear to everybody what the essence is of the idea. It’s good to know that the term “risk” can have an upward impact as well as a downward. Which was more in use to the common people nowadays. Risk is essential to every initiative, risk is quite scary for maintenance. Risks are always there and everywhere around, or so to speak, “If there’s no risk there will be no fun”. ISO risk definition:

Risk is the effect of uncertainty on objectives.

Some explanation:

• An objective = a preliminary, – clearly specified -, noted result or service.

• Effect = a deviation of the expected result.

• Uncertainty = the state of deficiency of information, understanding or knowledge.

The Process

The risk management process, asks specific attention for the context. The context is important to make the evaluation and treatment of the risk effective. Knowledge of the organization, it’s structure and cultural topics support the effectiveness of risk treatment activities. Continuous communication within the organization and the stakeholders is of great value; it can be pointed out by “communication and consultation”. The risk management process becomes transparant. The operation of the process and its progress are pointed out by the terms “monitoring and review”. This gives an clear view on the added value of the risk management process and gives an inside view of the operation of the process.

The Frame

Risk management is fully a part of all the processes and activities in a (public) organization. To make this a reality, a organization wide frame is specified in this chapter. Because of the frame the risk management function can be described. Explicitly the tasks, responsibilities and competencies of the employees who are working on risk management. The board of directors and senior management show the impact of risk management to the organization.
The committed mandate makes the essential phases of the framework operable. This includes the validation and development of the frame. The frame is logically related to the process(es). Risk management processes can exist multifunctional because of differences in projects, locations, competences of the workers as well as the specific issues of the speciality.


They are the reference for risk management to be organized and finds its meaning for the organization. The 11 principles are subject to auditors for investigation and the communication of the board with their stakeholders. The organization must, especially to itself, clarify what has been established during a certain period of time.

The Principles are input for as well the Frame as the Process. They are the soul of the risk management structure and – culture of the organization. They make it possible to show the developments that are established.


  • Risk management has grown up because of the international NEN-ISO document.
  • Communication about risk management becomes easy because of the new document.
  • Different kind of organizations can make the same development steps at the same time.
  • Transparency increases when you take this document as a guide.
  • The document can easily be used throughout the whole organization.

Our View

PRIMO uses the view in this document to increase the knowledge and use of risk management . Local- and regional government becomes more robust. Less sensitive for unexpected events. They allocate their threats more proactive en make the opportunities more profitable. We also present ourselves explicit on the subject of risk management. We will produce some practical guides with tailored solutions on implementing an using risk management in a frame and the different kind of processes.
Board members and general management will be given the opportunity to follow some Master Classes of maximum four sessions. There will be an evaluation after three months. One year later the development on risk management will be monitored and reviewed.

In September 2010 additional information will be lined out regarding implementation, working on, and developing with risk management. You can then also find the timetable of our presentations on NEN – ISO 31000; Risk management- principles and guidelines.