Principles of risk management

The International Organization for Standardization identifies the following principles of risk management: ^[4]

• Risk management should create value.
• Risk management should be an integral part of organizational processes.
• Risk management should be part of decision making.
• Risk management should explicitly address uncertainty.
• Risk management should be systematic and structured.
• Risk management should be based on the best available information.
• Risk management should be tailored.
• Risk management should take into account human factors.
• Risk management should be transparent and inclusive.
• Risk management should be dynamic, iterative and responsive to change.
• Risk management should be capable of continual improvement and enhancement.