What is BS 31100:2011?
BS 31100:2011 gives practical and specific recommendations on how to put the key principles of effective risk management, as specified in ISO 31000, into place in your organization.
How will BS 31100:2011 help me?
BS 31100:2011 gives users a process for managing risks that reflects the consensus of the UK's top risk management experts.
If you work for a large organization, for example, you may have many groups and many processes, each with their own scope, meetings, documents or methods.
This could be because they're working at different management levels, using different perspectives or focusing on different types of risks.
BS 31100:2011 outlines a risk management process that can be followed and interpreted so that each group works in a way that is appropriate for them, increasing the chance that the best outcome is achieved.
Also, by using a common process and language, consistency and communication across your company will improve, enhancing control and saving time.
What can a defined risk management process do?
It can help your organization to:
• achieve its objectives;
• ensure risks are managed proactively in specific areas or activities;
• oversee risk management;
• get assurance about the effectiveness of your company’s risk management;
• report to stakeholders, e.g. through disclosures in annual financial statements, corporate governance reports and corporate social responsibility reports.
What are the ‘key principles’ of ISO 31000:2009?
Risk management:
- creates and protects value
- is an integral part of all organizational processes
- is part of decision-making
- explicitly addresses uncertainty
- is systematic, structured and timely
- is based on the best available information
- is tailored
- takes human and cultural factors into account
- is transparent and inclusive
- is dynamic, iterative and responsive to change
- facilitates the continual improvement of an organization.
How does BS 31100 fit with ISO 31000:2009 and ISO Guide 73?
This edition of BS 31100 matches the structure, terminology and diagrams of ISO 31000:2009 and expands on the recommendations given in the previous version of BS 31100.
What does BS 31100:2011 include?
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Framework
3.1 General
3.2 Mandate and commitment
3.3 Design of framework for managing risk
3.4 Implementing risk management
3.5 Monitoring and review of the framework
3.6 Continual improvement of the framework
4 Process
4.1 General
4.2 Communication and consultation
4.3 Establishing the context
4.4 Risk assessment
4.5 Risk treatment
4.6 Monitoring and review
4.7 Monitoring performance of the instance of the risk management process
4.8 Providing information to others
4.9 Recording the risk management process
Annexes
Annex A (informative) Risk management tools
Annex B (normative) Incorporating potentially positive consequences of risk
Annex C (informative) Effects of controls
Bibliography
List of figures
Figure 1 – Risk management perspectives
Figure 2 – Relationships between the context, principles, framework and process
Figure 3 – Illustrative set of instances of the risk management process in a larger organization
Figure 4 – Development of components of the risk management framework
Figure 5 – Typical documentation for risk management
Figure 6 – Items to include in the description of the framework
Figure 7 – The risk management process
List of tables
Table 1 – Examples of tailoring
Table 2 – One possible breakdown of roles
Table 3 – Leadership responsibilities
Table 4 – Minimum responsibilities for everyone in the organization
Table 5 – Role of a risk management function
Table 6 – Items to cover related to risk management competence
Table 7 – Features of risk identification
Table A.1 – Examples of risk management tools (including techniques)