Risk Management Consultancy Based On ISO 31000:2009

Multimatics is one of Indonesia’s best consulting, training, and certification institutions. We specialize in consulting for IT Service Management Systems based on ISO/IEC 20000-1:2011, Information Security Management Systems based on ISO/IEC 27001:2013, Risk Management Principles and Guidelines based on ISO 31000:2009, and Quality Management Systems based on ISO 9001:2015. We provide integrated services for ISO international standards that enhance company performance, from Awareness Training, Competency Certification and Consulting through to Management Certification by an Independent Certification Body.


Risk is defined as ‘the effect of uncertainty on objectives’. Organizations of all kinds face challenging natural, political, socio-economic and cultural influences that make their operating environments uncertain. These influences may affect the extent to which objectives can be met.

The global financial crisis in 2008 demonstrated the importance of adequate risk management. Since that time, new risk management standards have been published, including the international standard, ISO 31000 ‘Risk management – Principles and guidelines’.

Risk management is an increasingly important business driver and stakeholders have become much more concerned about risk. Risk may be a driver of strategic decisions; it may be a cause of uncertainty in the organization or it may simply be embedded in the activities of the organization. An enterprise-wide approach to risk management enables an organization to consider the potential impact of all types of risks on all processes, activities, stakeholders, products and services.


Our Service

We offer comprehensive consulting assistance on how organizations can achieve certification. It covers implementation of Risk Management based on ISO 31000:2009 with its 3 main components: principles, framework and process.

The steps to implement ISO 31000:2009 are:

  1. Preparation
    • Risk Management Awareness Training based on ISO 31000:2009
    • Individual Competency Certification Training of ISO 31000:2009
  2. Implementation
    To implement ISO 31000 in your organization, clauses 3, 4 and 5 of the standard must be followed. The three steps below summarize the process to be followed.

    Step 1: Principles – refer to clause 3
      Risk management is a central part of the strategic management of any organization. It is the process whereby organizations methodically address the risks attached to their activities. A successful risk management initiative should be proportionate to the level of risk in the organization, aligned with other corporate activities, comprehensive in its scope, embedded into routine activities and dynamic by being responsive to changing circumstances.

      For risk management to be effective, an organization should at all levels comply with the 11 principles:

      • Risk management creates and protects value
      • Risk management is an integral part of all organizational processes
      • Risk management is part of decision making
      • Risk management explicitly addresses uncertainty
      • Risk management is systematic, structured and timely
      • Risk management is based on the best available information
      • Risk management is tailored
      • Risk management takes human and cultural factors into account
      • Risk management is transparent and inclusive
      • Risk management is dynamic, iterative and responsive to change
      • Risk management facilitates continual improvement of the organization

    Step 2: Framework – refer to clause 4
      ISO 31000 includes the essential steps in the implementation and ongoing support of the risk management process. The initial component of the ISO 31000 framework is ‘mandate and commitment’ by the Board, and this is followed by a Plan-Do-Check-Act cycle:

      • design of the framework for managing risk (Plan)
      • implementing risk management (Do)
      • monitoring and review of the framework (Check)
      • continual improvement of the framework (Act)

    Step 3: Process – refer to clause 5
      The risk management process (clause 5) elaborates clause 4.4, Implementing risk management. It consists of the following elements:

      5.2 Communication and consultation
      5.3 Establishing the context
      5.4 Risk assessment
        5.4.2 Risk identification
        5.4.3 Risk analysis
        5.4.4 Risk evaluation
      5.5 Risk treatment
      5.6 Monitoring and review
      5.7 Recording the risk management process

  3. Certification Process
    • Pre-certification Audit
    • Certification body selection
    • Registration and Certification Process


Key Benefits of ISO 31000:2009

  1. Compliance and assurance. Implementing risk management follows assurance steps: adopting the 11 principles, using the PDCA implementation framework and operating the risk management process.
  2. Enhanced decision making. Accurate risk assessment reduces the unidentified and uncertain events that could cause deviation from desired objectives.
  3. Improved operational efficiency. Mitigating or even eliminating negative risks improves the efficiency of operations.
  4. Efficacy of the organization’s strategy. The risk-based thinking on which the ISO 31000 risk management standard is built sharpens the objectives of the organization.
