ISO 31000

Traditionally, companies insure themselves against common risks and fulfill legal requirements. However, many potential risks remain unrecognized.

ISO 31000:2018 (risk management) integrates risk management into all areas of a company, from strategy development to operational implementation.

The new standard does not just position risk management as another management system, but emphasizes the need to incorporate both threats and opportunities into strategic decision-making processes and operational procedures. Risk and safety management means to anticipate coincidence by means of a systematic approach.

• Proactive risk and safety management: A systematic approach to proactively manage risks.
• Targeted prevention: The best way to protect the company and increase profit opportunities.
• Detection of vulnerabilities: Identifying avoidable threats andpoints of attack for any business.
• Recognition of opportunities: Identification and evaluation of potential opportunities.
• Verification: Through accredited certification bodies with competent auditors.
• Early warning system: Possibility to recognize potential risks .
• Integration into existing management systems

Assessment acc. to ISO 31000 as well as the Risk Scans can be conducted in combination with a quality, environmental or safety management audit or implemented independently from auditing services.

ÖNORM D 4901 Certification (not accredited)

ÖNORM D 4901 is based on ISO 31000 and represents its implementation in practice. The term "risk management" according to ÖNORM D 4901 includes all uncertainties and effects on the strategic and operational goals, activities and requirements of an organization. The individual elements of ÖNORM D 4901 are objectively reviewed during the audit and the results are subsequently shared with the organization in an audit report.

ÖNORM D 4901 is based on the ISO High Level Structure and can be combined efficiently with other standards due to the same structure and format. Therefore, ÖNORM D 4901 can be quickly integrated into existing management systems and synergies can be used.

ISO 31000:2018 Audit (not accredited)

ONR 49001 is based on ISO 31000 (green text in ONR 49001) and represents its implementation in practice. This risk management audit is correspondingly practice oriented. As ONR 49001 is based on ISO 31000, the ONR 49001:2014 Audit will simultaneously refer to ISO 31000:2018.

Risk management can be conducted by companies and organizations independently from the size or sector.

• ISO 31000: Guarantee of a systematic risk management for all industries and sectors
• Risk Scan / Risk Quick Scan: Quickly obtaining a rough overview of the organization

Requirements relating to assessment acc. to ISO 31000

Assessment acc. to ISO 31000, which is conducted by Quality Austria, will be conducted according to an audit plan made together at the site. The assessors are certified Risk Managers or Risk Assessors. The following requirements will be considered:

• identification of conformity to the requirements placed by the standard
• people awareness
• identifying strengths and opportunities for improvement
• identifying hidden chances and risks and hazards
• showing alternative methods and practices

Requirements relating to qualityaustria‘s Risk Quick Scans or Risk Scans

qualityaustria‘s Risk Scans will be conducted together with top management in the form of a moderated self-assessment by experienced assessors at the site. qualityaustria’s Risk Scan acc. to the 10 RCM Method is a company analysis with a holistic approach:

• The company’s risk potential will be analyzed on the basis of the 10 RCM Method.
• Based on the 10 RCM Matrix Checklist, a risk related temperature curve will be made for the company.

At the Risk Quick Scan, 3 priorities from among the 10 RCM main groups will be chosen by the customer. These priorities will be processed completely. The remaining 7 RCM main groups will be covered by 10 key questions each. The Risk Quick Scan will take approx. 4 hours.

The Risk Scan includes complete processing of all the 10 main groups acc. to the 10 RCM Method and will take 8 hours. All documents and records created during the Risk Quick Scan and Risk Scan will exclusively remain at the customer’s.

ISO 37301, ISO 37001

• Flyer ISO 31000 and Assessment Risk Scans - pdf (556 KB)