Risk Management – Article 9
Risk Management Process – Establishing the context – An Overview
Keshav Ram Singhal
Sub-clauses to clause 5.3 of ISO 31000:2009 standard provides guidelines on establishing the context, which are as under:
5.3 – Establishing the context
5.3.1 – General
5.3.2 – Establishing the external context
5.3.3 – Establishing the internal context
5.3.4 – Establishing the context of the risk management process
5.3.5 – Defining risk criteria
The objectives of establishing the context of the organization are mentioned in sub-clause 5.3.1 of the standard and these may be summarized as:
- By establishing the context the organization articulates its objectives
- By establishing the context the organization defines parameters (external and internal) to consider to manage risks
- By establishing the context the organization sets the scope and risk criteria for risk management process
During the process of establishing the context, the organization should consider in a wide spread way and to a higher degree than is usual or average so as to provide special emphasis to the point that how the people in the organization relate the context for the risk management process to the scope of the particular risk management process.
The whole process of establishing the context includes establishing the external context, establishing the internal context, establishing the context of the risk management process and defining risk criteria, which we will discuss in forthcoming articles.