ISO 31000 was published as a standard for risk management in November 2009 and forms the first set of international guidelines for risk management. Its purpose is to provide principles and guidance on risk management that are applicable and adaptable for "any public, private or community enterprise, association, group or individual."
Accordingly, the general scope of ISO 31000 family of risk management standards is to provide best practice structure and guidance to all operations concerned with risk management, rather than being developed for any specific industry or sector and covers any type of risk across the whole organisation, whether positive or negative in impact.
The scope of the ISO 31000 approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.
The ISO 31000 risk management process has five main activities: (1) communication and consultation; (2) establishing the context; (3) risk assessment, where risk is identified, analyzed, and evaluated; (4) risk treatment; and (5) monitoring. Perhaps this will be familiar to most risk professionals or anyone who has implemented risk management processes, but it does provide a consistent starting point.
Largely the value of ISO 31000 is the accessibility of the standard in that it is less than 25 pages and effectively articulates the essentials of framework and processes.