Risk management

7 The risk management process

There are a number of formal risk management processes, which will be covered in more detail in Session 2. They are typically written at a high level, and it is recommended that the detailed approach be adapted to fit the task. However, there is a set of commonly recognised process steps. Here, and for the rest of this module, the reference is the International Organization for Standardization (ISO) 31000:2018 standard.

Figure 1 ISO 31000 diagram

The process is iterative and, when performed properly, has multiple feedback loops between the different process steps. Unlike many processes, the risk process can operate at any (and all) levels of an organisation, works for any activity and applies to all types of risk. You will explore each of these steps in more detail in the coming sessions.

Box 1 COSO and ISO 31000

There are many similarities between COSO and ISO 31000. They share many common principles. Both focus on identifying, assessing and treating risks and monitoring them on a regular basis. They also both focus on the importance of good governance and culture to enable good risk management.

The main differences stem from their backgrounds. COSO evolved from a focus on financial reporting, whereas ISO evolved from a quality management system focus, so it has more of a process or quality system focus.

COSO therefore has a greater focus on strategic risks and loss prevention (i.e. predominantly threat (downside) risks). It is aimed at the board (and senior leaders) and focuses on controls as the main treatment activity.

ISO, on the other hand, takes a much wider scope, aiming to work for all risks (threats and opportunities) at all levels of an organisation. It looks to understand the risks to all objectives.

The terminology used is similar (but not the same), so firms looking to apply both approaches should understand the differences and potential conflicts between the two.

