ISO 31000:2009 Risk management (preview).
This publication provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. It provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized [benchmark]], providing sound principles for effective management and corporate governance.