Risk management, as described by IS0 31000, has multiple subprocesses such as risk identification, risk analysis, risk evaluation, risk treatment, communication, consultation, monitor and review. Concepts such as risk management, risk assessment and risk analysis are often used interchangeably. The ISO standards outline how these separate processes differ, creating a common language for communicating around risk and risk management.
Figure 1 below visualizes the risk management process as described by ISO 31000. This is not a step-like process and significant iteration is required between each step as well as between communication and consultation, and monitoring and review. Because each subprocess includes multiple repetitions, it makes it difficult to draw and visualize using a simple flowcharts. 2c8 offers a tool allowing you get a 360 degree view of your risk management process. By breaking down your processes in multiple layers 2c8 apps allows you to move between a birds-eye perspective to examining the details of a certain iteration.
Do you want to read more about risk management processes? Learn more about ISO 31000 at ISO’s website.