Risk management standards

A number of standards have been developed worldwide to help organisations implement risk management systematically and effectively. These standards seek to establish a common view on frameworks, processes and practice, and are generally set by recognised international standards bodies or by industry groups. Risk management is a fast-moving discipline and standards are regularly supplemented and updated.

The different standards reflect the different motivations and technical focus of their developers, and are appropriate for different organisations and situations. Standards are normally voluntary, although adherence to a standard may be required by regulators or by contract.

IRM professional qualifications seek to equip students with the knowledge and judgement to select the appropriate standard or standards for use within their organisation.

Commonly used standards include:

  • ISO 31000:2009 – Risk Management – Principles and Guidelines

  • A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s three main risk organisations

  • ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques

  • COSO 2004 – Enterprise Risk Management – Integrated Framework

  • OCEG “Red Book” 2.0: 2009 – a Governance, Risk and Compliance Capability Model

IRM members can get further information and links to standards from our Online Resource Centre.