ISO 31000 - 2018 Risk Management Checklist - SafetyCulture PDF


01/09/2020 ISO 31000:2018 Risk Management Checklist - SafetyCulture


5. Risk Management Framework

Plan the establishment of your Risk Management Framework

Ask stakeholders to support the establishment of a framework.

Done To Do Not Applicable

Ask top management to support the establishment of a framework.

Done To Do Not Applicable

Evaluate your existing risk management practices and processes.

Done To Do Not Applicable

Identify gaps in your risk management practices and processes.

Done To Do Not Applicable

Establish a framework that meets your organization's unique needs.

Done To Do Not Applicable

Establish a framework that fills the gaps in existing practices and processes.

Done To Do Not Applicable

https://public-library.safetyculture.io/products/iso-310002018-risk-management-checklist 1/13

Consider how you intend to develop your risk management framework.

Done To Do Not Applicable

Consider how you're going to design your risk management framework.

Done To Do Not Applicable

Consider how you're going to fill gaps in your existing practices and procedures.

Done To Do Not Applicable

Consider how you're going to make risk management part of your organization.

Done To Do Not Applicable

Consider how you're going to integrate risk management into all significant activities.

Done To Do Not Applicable

Consider how you're going to build risk management into all decision making activities.

Done To Do Not Applicable

Consider how you're going to integrate risk management into all significant functions.

Done To Do Not Applicable

Consider how you're going to build risk management into all governance functions.

Done To Do Not Applicable


Consider how you're going to implement your risk management framework.

Done To Do Not Applicable

Consider how you're going to evaluate your risk management framework.

Done To Do Not Applicable

Consider how you're going to improve your risk management framework.

Done To Do Not Applicable

Show leadership by making a commitment to risk management

Ask your leaders to support a risk management framework.

Done To Do Not Applicable

Ask your leaders to make a commitment to risk management.

Done To Do Not Applicable

Ask oversight bodies to make a commitment to risk management.

Done To Do Not Applicable

Ask oversight bodies to align risk management with the organization's strategy.

Done To Do Not Applicable

Ask oversight bodies to align risk management with the organization's culture.

Done To Do Not Applicable


Ask oversight bodies to align risk management with organizational objectives.

Done To Do Not Applicable

Ask oversight bodies to align risk management with organizational obligations.

Done To Do Not Applicable

Ask oversight bodies to align risk management with voluntary commitments.

Done To Do Not Applicable

Ask oversight bodies to be accountable for overseeing risk management.

Done To Do Not Applicable

Ask them to ensure that risks are understood throughout the organization.

Done To Do Not Applicable

Ask them to ensure that risks are communicated throughout the organization.

Done To Do Not Applicable

Ask them to ensure that risk management methods are communicated.

Done To Do Not Applicable

Ask them to ensure that risk management is integrated into all activities.

Done To Do Not Applicable

Ask them to ensure that risk management systems are implemented.

Done To Do Not Applicable


Ask them to ensure that risk management systems are operating effectively.

Done To Do Not Applicable

Ask them to ensure that risk is properly evaluated when setting objectives.

Done To Do Not Applicable

Ask them to ensure that risk is properly managed when achieving objectives.

Done To Do Not Applicable

Ask oversight bodies to communicate the value of risk management.

Done To Do Not Applicable

Ask them to communicate the value of risk management to the organization.

Done To Do Not Applicable

Ask them to communicate the value of risk management to stakeholders.

Done To Do Not Applicable

Ask top management to make a commitment to risk management.

Done To Do Not Applicable

Ask top management to align risk management with the organization's strategy.

Done To Do Not Applicable

Ask top management to align risk management with the organization's culture.

Done To Do Not Applicable


Ask top management to align risk management with organizational objectives.

Done To Do Not Applicable

Ask top management to align risk management with organizational obligations.

Done To Do Not Applicable

Ask top management to align risk management with voluntary commitments.

Done To Do Not Applicable

Ask top management to ensure that appropriate risk criteria are developed.

Done To Do Not Applicable

Ask them to ensure that risk criteria are communicated throughout the organization.

Done To Do Not Applicable

Ask them to ensure that risk criteria are communicated to all relevant stakeholders.

Done To Do Not Applicable

Ask top management to communicate the value of risk management.

Done To Do Not Applicable

Ask managers to communicate the value of risk management to the organization.

Done To Do Not Applicable


Ask managers to communicate the value of risk management to stakeholders.

Done To Do Not Applicable

Ask top management to be accountable for managing risk management.

Done To Do Not Applicable

Ask them to ensure that risk management is integrated into all activities.

Done To Do Not Applicable

Ask top management to monitor the unique risks facing their organization.

Done To Do Not Applicable

Ask top management to encourage personnel to systematically monitor risks.

Done To Do Not Applicable

Ask your leaders to establish a risk management framework.

Done To Do Not Applicable

Ask them to develop a framework that meets the organization's needs.

Done To Do Not Applicable

Ask them to prepare a general risk management policy statement.

Done To Do Not Applicable

Ask them to define their general approach to risk management.

Done To Do Not Applicable


Ask them to prepare a general risk management plan of action.

Done To Do Not Applicable

Ask them to make people accountable for managing risk.

Done To Do Not Applicable

Ask them to assign risk management responsibilities.

Done To Do Not Applicable

Ask them to assign responsibilities at all appropriate levels.

Done To Do Not Applicable

Ask them to delegate risk management authorities.

Done To Do Not Applicable

Ask them to delegate authorities at all appropriate levels.

Done To Do Not Applicable

Ask them to allocate all required risk management resources.

Done To Do Not Applicable

Ask them to monitor the application of their risk management framework.

Done To Do Not Applicable

Ask them to ensure that it remains appropriate to the organization's context.

Done To Do Not Applicable


Make your organization’s personnel responsible for managing risk

Make risk management an integral part of your organization's culture.

Done To Do Not Applicable

Ask everyone in your organization to be responsible for managing risk.

Done To Do Not Applicable

Ask your governance personnel to be responsible for managing risk.

Done To Do Not Applicable

Ask them to be responsible for making risk management part of governance.

Done To Do Not Applicable

Ask them to be responsible for making it part of the organization's purpose.

Done To Do Not Applicable

Ask them to be responsible for making it part of the organization's direction.

Done To Do Not Applicable

Ask them to be responsible for making it part of the organization's strategy.

Done To Do Not Applicable

Ask them to be responsible for making risk management part of management.

Done To Do Not Applicable


Ask them to make management accountable for implementing risk management.

Done To Do Not Applicable

Ask your management personnel to be responsible for managing risk.

Done To Do Not Applicable

Ask them to be responsible for making risk management part of management.

Done To Do Not Applicable

Ask them to make risk management part of the organization's roles.

Done To Do Not Applicable

Ask them to make risk management part of the organization's policies.

Done To Do Not Applicable

Ask them to make risk management part of the organization's objectives.

Done To Do Not Applicable

Ask them to make risk management part of the organization's operations.

Done To Do Not Applicable

Ask them to make risk management part of the organization's processes.

Done To Do Not Applicable

Ask them to make risk management part of the organization's practices.

Done To Do Not Applicable


Ask them to make risk management part of the organization's rules.

Done To Do Not Applicable

Ask your rank-and-file personnel to be responsible for managing risk.

Done To Do Not Applicable

Use iterative methods to build risk management into your organization.

Done To Do Not Applicable

Make sure that your iterative methods meet your organization's needs.

Done To Do Not Applicable

Make sure that your organization's methods are compatible with its culture.

Done To Do Not Applicable

Design your organization's unique risk management framework

Consider your context when you develop your framework

Consider your organization’s context as you design your framework.

Done To Do Not Applicable

Examine and understand your organization’s external context.

Done To Do Not Applicable

Consider external influences during framework design.

Done To Do Not Applicable


Consider external stakeholders during framework design.

Done To Do Not Applicable

Examine and understand external stakeholder needs.

Done To Do Not Applicable

Examine and understand external stakeholder values.

Done To Do Not Applicable

Examine and understand external stakeholder perceptions.

Done To Do Not Applicable

Examine and understand external stakeholder expectations.

Done To Do Not Applicable

Examine and understand external stakeholder relationships.

Done To Do Not Applicable

Completion

General comments and observations

Enter text


Sign off 

Please note that this checklist is a hypothetical example and provides basic information only. It is not intended to take the place of, among other things,
workplace, health and safety advice; medical advice, diagnosis, or treatment; or other applicable laws. You should also seek your own professional advice to
determine if the use of such checklist is permissible in your workplace or jurisdiction.
