ISO 31000

ISO 31000 as framework

PRIMO Europe has chosen to take ISO 31000 as the reference framework for public risk management and for organisations working in the public domain. Although the framework, published in 2009, is still very young and needs many further development steps, it is in essence a complete framework.

ISO 31000 describes the principles and guidelines to identify, analyse and treat uncertainties in relevant business processes. With its framework it describes in outline how goals can be reached successfully and how the related management can be secured in an organisation. It is a useful document for employees, managers, and directors in public organizations. It is a practical and easy-to-read document. We make the following remarks:

  • Risk management has matured to a first phase (1.0) of development by this standard.
  • It needs further development for true use in relation to public risk management, because of the higher complexity of this in comparison to enterprise risk management.
  • Different kinds of organisations can use the framework.
  • Communication within or between organisations can be improved using the common language within the framework.
  • Transparency of organisations and between politics, governing councils and management increases when you take this document as a guide.
  • The document can easily be used throughout the whole organization.
  • Benefits: local and regional government can become more robust while using it and less sensitive to unexpected events. They address their threats more proactively and make the opportunities more profitable.


ISO risk definition: Risk is the effect of uncertainty on objectives.

  • Objective is a preliminary, clearly specified, noted result or service.
  • Uncertainty is the state of deficiency of information, understanding or knowledge.
  • Risk is often expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence. This relates a timeframe to a risk.


The risk management process demands specific attention to the context. This is important to make the evaluation and treatment of the risk effective. Knowledge of the organization, its structure and cultural topics supports the effectiveness of risk treatment activities. Continuous communication within the organization and with the stakeholders is of great value. This is denoted by the term “communication and consultation”. The risk management process becomes transparent. The operation of the process and its progress are denoted by the terms “monitoring and review”. This gives a clear view of the added value of the risk management process and gives an inside view of the operation of the process.


Risk management is fully a part of all the processes and activities in a (public) organization. To make this a reality, an organization-wide frame is specified in this chapter. Because of the frame, the risk management function can be described, explicitly the tasks, responsibilities and competencies of the employees who are working on risk management. The board of directors and senior management show the impact of risk management to the organisation.

The committed mandate makes the essential phases of the framework operable. This includes the validation and development of the frame. The frame is logically related to the process(es). Risk management processes can be multifunctional because of differences in projects, locations, competences of the workers as well as the specific issues of the speciality.


They are the reference by which risk management is organized and finds its meaning for the organization. The 11 principles are a subject for investigation by auditors and for the communication of the board with its stakeholders. The organization must, especially to itself, clarify what has been established during a certain period of time.

The Principles are input for the Frame as well as the Process. They are the soul of the risk management structure and culture of the organisation. They make it possible to show the developments that are established.


PRIMO Europe will start a Europe-wide elaboration program for the use of ISO 31000 as the basic framework for public risk management.

First we want to cooperate with ISO on the implementation guide ISO 31004. For that we will organise round tables to zoom in on public organisations and public domain related issues. We will produce some practical guides with tailored solutions on implementing and using risk management across the interfaces characteristic of the public domain, such as politics, council, management, private sector and citizens.

Furthermore, we will roll out master classes (3 sessions) for our members for education and implementation purposes. We will do this in close cooperation with our members and partners.