ISO 31000:2009 sets out principles, a framework and a process for the management of risk that are applicable to any type of organization in public or private sector. It does not mandate a "one size fits all" approach, but rather emphasises the fact that the management of risk must be tailored to the specific needs and structure of the particular organization.

ISO 31000 is designed to help organizations:

Increase the likelihood of achieving objectives
Encourage proactive management
Be aware of the need to identify and treat risk throughout the organization
Improve the identification of opportunities and threats
Comply with relevant legal and regulatory requirements and international norms
Improve financial reporting
Improve governance
Improve stakeholder confidence and trust
Establish a reliable basis for decision making and planning
Improve controls
Effectively allocate and use resources for risk treatment
Improve operational effectiveness and efficiency
Enhance health and safety performance, as well as environmental protection
Improve loss prevention and incident management
Minimize losses
Improve organizational learning
Improve organizational resilience.

ISO Consulting edit