MSP Course #3 – ISO 31000:2018 – Risk Management


Risks are everywhere! It seems almost impossible to get a handle on all of the things that could go wrong – any time, any place. The purpose of implementing ISO 31000 is to give an organization a structure for managing risks in a logical way, to help ensure that relevant risks are identified and mitigated. Having a well-established approach to ‘Risk’ can be a great asset for any organization, large or small. Being proactive is financially rewarding and reduces non-conformances, which are very expensive events.

METHODOLOGY – After taking the online course

If your organization would benefit from having a customized course, we can develop one for you.

It could be structured like this: four online sessions of 3 hours each, 12 hours total. We use the IMSI 80/20 Model: 20% instructor lecturing and 80% exercises. ZOOM lets us create break-out rooms so 2 or 3 people can work together on exercises. Then there is a three-week break to do the project. Students will work together in the ‘Forum’ to share ideas and complete the project as a team or by helping each other. Participants can access the Instructor with questions and/or talk to each other. The project will be specific to each organization and will be designed to improve the effectiveness of their management system, no matter what kind of system it is.


Certificates of Achievement are available for purchase after the course ($50), and a Certificate of Competence is available after completion of a successful project and payment for review of the project ($500).


We’ll be looking at:

  1. Terms and Definitions [Clause 3]
  2. Principles [Clause 4]
  3. Framework [Clause 5]
    • Leadership and commitment [5.2]
    • Integration of ‘risk-based thinking’ into business processes [5.3]
    • Design of a Risk Management System [5.4]
    • Implementation [5.5]
    • Evaluation [5.6]
    • Improvement [5.7]
  4. Process [Clause 6]
    • Communication and consultation [6.2]
    • Scope, context and criteria [6.3]
    • Risk assessment [6.4]
    • Risk treatment [6.5]
    • Monitoring and review [6.6]
    • Recording and reporting [6.7]

Application Work at participants’ sites

  • Identify how the definitions apply [Clause 3]
  • Determine how the Risk Principles are being applied in their organization [Clause 4]
  • Develop a Framework for their Risk Management System [Clause 5]
  • Describe how communication takes place: when, by whom, through which channels.
  • Document the Scope of the risk management processes in their organization, identify internal and external conditions relevant to risks that could impact the organization and that they can control [6.3.2, 6.3.3]
  • Define relevant risk criteria [6.3.4]
  • Perform a Risk Assessment [6.4.2, 6.4.3, 6.4.4]
  • Choose Risk treatment options and plan a course of action [6.5.2, 6.5.3]
  • Prepare and implement Risk treatment plans [6.6]
  • Establish and implement a method to review and record results [6.7]


  • Understanding by Leadership of how the definitions in ISO 31000 apply
  • Understanding of the Risk Principles and a sense of how they could be applied
  • Creation of a preliminary model for their Risk Management methodology
  • Processes to be used in a risk management system will be created and implemented
  • A risk assessment will have taken place or a review of the organization’s current risk management activities with suggestions for improvement
  • Conclusions about the effectiveness of risk identification and mitigation will be available for review by Management
