Equally though, if all you need to know is how to identify and document risks, just jump right to Section x.x (Identity Crisis… Will the ). If you need a risk policy in a hurry, then head straight for Section x.y. Likewise, if your boss has told you they want a Risk Management Framework to present to the Board in 48 hours, then Section x.z would be an ideal place to start.
I’ll also be including a number of Implementation Tips, Examples and Additional Information so if you just want specific how-to guides or examples of various aspects, you can simply go straight there. When I pick up a book of this type, I’m usually looking for information to help me actually apply the material so you’ll find practical assistance and examples throughout each section as well as in the Annexes.
Section 2 will deal with some fundamental terms and definitions on which the rest of ISO31000 is predicated. For the most part they are consistent with the way we understand terms in common usage; however, there are some particular differences in the way ISO31000 applies them which are worth understanding.
Section 3 will be about the underlying Principles of Risk Management, in order that anyone applying ISO31000 will have a consistent understanding of the ways in which risk management can be applied. This section also discusses some of the concepts behind how risk management could, should and would be applied if implemented fully.
Section 4 will focus on how to actually build a risk management framework for your organization, the elements and their respective interactions. It is the precursor step to Section 5 where the rubber hits the road so to speak.
Section 5 is where risk management concepts will turn into risk management practice. This is the section that most people in any given organization will have the most interaction with, whether in complex risk analysis, simple risk assessments or in contributing to implementing risk treatments.
You’ll ideally need to have a copy of ISO31000 handy. You could simply implement risk management from the contents of this book; however, I’m assuming that you bought this book because you’d like to implement risk management the ISO31000 way. It’s not my intention to duplicate ISO31000 and hence you won’t find it repeated word for word here. What I’ve attempted to do is to offer at least one, if not several, interpretations of how you might choose to actually apply the standard.
The book aligns with the flow of ISO31000, but there are some sections that simply don’t align specifically with just one part of the Standard. You’ll find these sections in Section 7, Enhanced risk management.
Figure 2: Relationship between Principles, Framework and Process (Source: ISO31000)