PSI - Issue 48
Snežana Stojičić et al. / Procedia Structural Integrity 48 (2023) 104 – 112
There are many recommended approaches to risk management. The ISO standard in this area, ISO 31000, recommends that the organisation develop, implement, and constantly improve its readiness for risk prevention. The purpose is the integration of risk management processes throughout the organisation (in management processes, determining strategy and planning, reporting processes, policies, company values, and corporate culture). The integration of the risk management process at the level of the entire organisation is often referred to in the literature as enterprise risk management or by similar terms. Risk management can be applied at all levels of the organisation, from the broadest company level through individual organisational parts all the way to individual projects and activities.
Fig. 3. Presentation of the processes covered by the ISO 31000 standard
Fig. 2. Strategy and processes related to risk management
The ISO 31000 standard provides generic guidelines for risk management (Fig. 3). It gives companies guidance on how to integrate "risk-based" decision-making into the organisation from the aspects of management, planning, reporting, directing policies, values, and cultures. It represents an open, principle-driven system, which means that it enables organisations to apply the principles of the standard in their organisational context. It is applicable to all types of organisations, regardless of size or location, covers all types of risk, and is intended for use by all risk managers, not just risk management professionals. It covers the following areas: Communication and consultative processes; Establishing the context, determining the elements of the model that defines the basic parameters of risk management and determines the areas of application and criteria for other processes; Risk assessments; Risk identification; Risk analysis; Evaluation and prioritization of risks; Dealing with risks (response in case of risk occurrence); and Risk monitoring and review. The actions taken have to be recorded and reported on continuously, both to document them and to build a knowledge base on possible responses to the resulting risks. The standard provides guidelines for managing the risks faced by organisations. The application of these guidelines can be adapted to each organisation and its context. The guidelines represent a common approach to managing each type of risk, so they are not specific to just one industry or sector. The standard can be used throughout the life cycle of an organisation and can be applied to any activity, including decision-making at all levels.