This British Standard provides a basis for understanding, developing,
implementing and maintaining proportionate and effective risk management throughout an organization, in order to enhance
the organization's likelihood of achieving its objectives. This British Standard establishes the principles and terminology for risk
management, and gives recommendations for the model, framework, process and implementation of risk management which are derived
from experience and good practice.
NOTE 1 A glossary gives the definitions of the risk management terms most commonly used in this Standard, with the first instance of each term
being highlighted in bold to indicate that it is included in the glossary. With some exceptions, the definitions in the glossary are consistent with
those given in Working Draft 2 of ISO Guide 73 (1 April 2008).
The basic risk management principles (see Clause 2) are applicable to any organization, but the way they are implemented will vary according to an organization's nature, including size and complexity, and context.
This Standard is intended for use by anyone with responsibility for any of the following:
- ensuring an organization achieves its objectives;
- ensuring risks are proactively managed in specific areas or activities;
- overseeing risk management in an organization;
- providing assurance on the effectiveness of an organization's risk management; and/or
- reporting to stakeholders, e.g. through disclosures in annual financial statements, corporate governance reports and corporate social responsibility reports.
NOTE 2 Annex A gives guidance on risk categories, Annex B gives
examples of risk management tools, Annex C discusses the effects of
controls, Annex D explains the use of risk maturity models and Annex E
specifies the incorporation of the potentially positive consequences of risk
into risk management.
BS 31100:2008 history
2021: BS 31100:2021 Risk management. Code of practice and guidance for the implementation of BS ISO 31000:2018
2011: BS 31100:2011 Risk management. Code of practice and guidance for the implementation of BS ISO 31000
2008: BS 31100:2008 Risk management - Code of practice