ESTABLISHING THE CONTEXT
• To establish the context means to define the external and internal parameters that organizations must consider when they manage risk.
• An organization’s external context includes its external stakeholders, its local, national, and international environment, as well as any external factors that influence its objectives.
• An organization’s internal context includes its internal stakeholders, its approach to governance, its contractual relationships, and its capabilities, culture, and standards.
• ISO 31000 expects the organization to consider its context when it defines the scope of its risk management program, when it formulates its risk management policy, and when it establishes its risk criteria.
IDENTIFY THE RISKS
ANALYZE THE RISKS
EVALUATE THE RISKS
TREAT THE RISKS