Through implementation of Risk Management, there are a number of guiding principals that, when applied to an organization’s solution, should bring about meaningful change. For example, the International Organization for Standardization has identified the following 10 principals as being of particular importance for any risk management program:
Risk Management should:
• create intrinsic value for the organization.
• be an integral part of organizational processes & decision making.
• explicitly address uncertainty.
• be systematic and structured.
• be based on the best available information.
• be tailored.
• take into account human factors.
• be transparent and inclusive.
• be dynamic, iterative and responsive to change.
• be capable of continual improvement and enhancement.
