The ISO 31000 framework is designed to provide a consistent and structured approach to risk management, and this includes how to communicate key information to relevant stakeholders.
Management involved in the development of the risk strategy need to consult internal and external stakeholders throughout the creation and implementation of the framework. It is like any other business development strategy: it will only be effective if the right elements are communicated to the right people, at the right time.
Feedback can be gathered from stakeholders to ensure an appropriate strategy is put in place using the ISO 31000 framework. Leadership should be confident in their decision-making process and be ready to provide a rationale for decisions made regarding the risk strategy.
Clause 6.2: Gather Expertise
The design behind Clause 6.2 in the ISO 31000 framework is to bring together a range of areas of expertise in order to deliver a comprehensive risk strategy. This approach reflects the requirement of many other Standards, such as ISO 9001:2015, which state that risk and quality improvement are the responsibility of every individual rather than just a dedicated team.
To create a sense of inclusion, understanding, and continuous improvement, it is suggested under ISO 31000 that management communicate regularly with key stakeholders throughout the risk management strategy development. This also facilitates a risk-aware culture, improving alignment with business goals and objectives, as individuals become aware of their role within day-to-day risk management.
It is suggested that organisations using the ISO 31000 framework for their risk strategy follow the below points:
- Information should be presented in a timely, accurate, and factual way
- Key stakeholders should be communicated to at each step of the risk management process
- Information should be delivered in accordance with internal policy, confidentiality, respect to individuals’ private data, and maintain the integrity of sensitive information
- Communication is two-way: feedback from stakeholders is essential during the Evaluation stage of the ISO 31000 framework.