ISO 31000 is a guide document and needs to be tailored to suit an organisation's specific needs. Many overcomplicate what needs to be a simple process if it is going to achieve widespread acceptance. All that is required is:

    • A Risk Breakdown Structure (RBS)
    • Objectives
    • Risk Description in a single sentence
    • Analysis
    • Treatments (with owner and action date)

The process is described in more detail in our brochure downloadable with this link "A KISS Process".

So here is a challenge for you - How does it compare with your process? Could yours be simpler and still effective? The dividend is likely to be increased usage.