AS ISO 31000-2018 PDF
Name in English: St AS ISO 31000-2018
Name in Russian: Ст AS ISO 31000-2018
Full title and description
AS ISO 31000:2018 — Risk management — Guidelines. Australian adoption of ISO 31000:2018 providing principles, a framework and a process for managing risk applicable to organizations of any size, sector or activity.
Abstract
Provides high-level guidance on designing, implementing, maintaining and improving risk management in an organization. Emphasises creating and protecting value, leadership and integration of risk management into governance and decision-making, and a principles-based, customizable approach rather than prescriptive requirements. Not intended as a certifiable management-system standard but as guidance to inform internal or external audit and governance activities.
General information
- Status: Current (Australian adoption of ISO 31000:2018).
- Publication date: 30 October 2018 (AS adoption); ISO international edition published February 2018.
- Publisher: Standards Australia (AS adoption); original text published by the International Organization for Standardization (ISO).
- ICS / categories: 03.100.01 — Company organisation and management (risk management guidance).
- Edition / version: AS edition 1 (AS ISO 31000:2018), aligned with ISO 31000:2018 (ISO edition 2).
- Number of pages: 16.
Key bibliographic and status details sourced from the Standards Australia product record and the ISO catalogue.
Scope
Guidelines for risk management applicable to any organization, activity or decision-making level. Covers principles for effective risk management, design and implementation of a risk management framework, and recommendations for the risk management process (context-setting, communication and consultation, risk identification, analysis, evaluation, treatment, monitoring, recording and reporting). The guidance is intentionally generic so it can be customised to an organisation’s context, objectives, size and complexity.
Key topics and requirements
- Risk management principles: creating and protecting value, integrated, structured and comprehensive, customised, inclusive (stakeholder involvement) and dynamic.
- Framework elements: leadership and commitment, integration with governance, design (context, roles, resources), implementation, evaluation and continual improvement.
- Risk management process: communication and consultation; scope, context and criteria; risk identification, analysis and evaluation; risk treatment; monitoring, review, recording and reporting.
- Emphasis on leadership accountability and embedding risk management into decision-making and organisational processes.
- Guidance for tailoring approaches to organisational context, culture and human factors; not prescriptive requirements for certification.
These topics summarise the core structure and requirements presented in the standard.
Typical use and users
Used by senior management, risk managers and committees, governance and compliance teams, internal and external auditors, consultants, project and programme managers, and public-sector bodies. Applicable for organisations implementing or improving enterprise risk management (ERM), embedding risk thinking into strategy and operations, or aligning governance and resilience activities. Also used as a reference for developing sector- or domain-specific risk practices.
Related standards
Commonly referenced with ISO/TR 31004 (guidance for implementation), ISO 31073 (risk management vocabulary), IEC 31010 (risk assessment techniques), ISO 31030 (managing travel-related risks), ISO 31022 (legal risk guidance), and various ISO/IEC standards on information security and governance (for example ISO/IEC 27005). The AS version supersedes earlier AS/NZS ISO 31000 editions (2009).
Keywords
risk management, risk framework, risk assessment, risk treatment, governance, enterprise risk management, ERM, ISO 31000, continual improvement, leadership, risk appetite, risk criteria, organisational context.
FAQ
Q: What is this standard?
A: AS ISO 31000:2018 is the Australian adoption of ISO 31000:2018, titled "Risk management — Guidelines", providing high-level guidance on establishing and maintaining effective risk management.
Q: What does it cover?
A: It covers risk management principles, the design and operation of a risk management framework, and a generic risk management process (context, identification, analysis, evaluation, treatment, monitoring and review). It is guidance, not a certifiable management-system standard.
Q: Who typically uses it?
A: Senior leaders, risk and compliance professionals, auditors, consultants, project managers and others responsible for governance, strategy and operational resilience across public, private and not-for-profit sectors.
Q: Is it current or superseded?
A: The 2018 edition is the current edition. ISO 31000:2018 was published in February 2018 (international edition) and the Australian adoption (AS ISO 31000:2018) was published on 30 October 2018; the ISO text was reviewed and confirmed in 2023. It supersedes earlier 2009 editions.
Q: Is it part of a series?
A: Yes — it sits within a family of risk-management guidance and related documents (for example ISO/TR 31004 for implementation guidance, ISO 31073 for vocabulary, IEC 31010 for techniques, and other sector-specific standards and guidance that build on ISO 31000 principles).
Q: What are the key keywords?
A: Risk management, risk assessment, risk framework, governance, ERM, risk appetite, continual improvement, leadership, ISO 31000.