Governance, Risk and Compliance Blog

ISO 31000: Communication & Consultation

Posted by Chris Owen on Wed, Apr 19, 2017

The ISO 31000 framework is designed to provide a consistent and structured approach to risk management, and this includes how to communicate key information to relevant stakeholders.

Management involved in the development of the risk strategy need to consult internal and external stakeholders throughout the creation and implementation of the framework. It is like any other business development strategy: it will only be effective if the right elements are communicated to the right people, at the right time.

Feedback can be gathered from stakeholders to ensure an appropriate strategy is put in place using the ISO 31000 framework. Leadership should be confident in their decision-making process and be ready to provide a rationale for decisions made regarding the risk strategy.

Clause 6.2: Gather Expertise

Clause 6.2 of the ISO 31000 framework is designed to bring together a range of areas of expertise in order to deliver a comprehensive risk strategy. This approach reflects the requirement of many other Standards, such as ISO 9001:2015, which state that risk and quality improvement are the responsibility of every individual rather than just a dedicated team.

To create a sense of inclusion, understanding, and continuous improvement, it is suggested under ISO 31000 that management communicate regularly with key stakeholders throughout the risk management strategy development. This also facilitates a risk-aware culture, improving alignment with business goals and objectives, as individuals become aware of their role within day-to-day risk management.

 

Communication Tips

It is suggested that organisations using the ISO 31000 framework for their risk strategy follow the points below:

  • Information should be presented in a timely, accurate, and factual way
  • Key stakeholders should be communicated with at each step of the risk management process
  • Information should be delivered in accordance with internal policy and confidentiality requirements, with respect for individuals’ private data, and in a way that maintains the integrity of sensitive information
  • Communication is two-way: feedback from stakeholders is essential during the Evaluation stage of the ISO 31000 framework.

 

Next in the series: Clause 6.3 – Establishing The Context

 
