Rating: 4.2 out of 5 (17 ratings)
144 students

ISO 31000:2018 Risk Management Guidelines

Master the principles, framework, and process of ISO 31000:2018 for enterprise risk management excellence
Created by ISO Horizon
Last updated 6/2026
English

What you'll learn

  • Navigate the full structure of ISO 31000:2018 including its principles, framework, and process clauses
  • Apply the eight risk management principles to real organizational decisions and governance
  • Design and implement a risk management framework with strong leadership and integration
  • Define risk criteria, risk appetite, and risk tolerance that reflect strategy and stakeholder expectations
  • Run rigorous risk identification, analysis, and evaluation using qualitative and quantitative methods
  • Use risk matrices, heat maps, bow-tie analysis, and risk registers with confidence and consistency
  • Select and document treatment options using avoid, modify, share, and retain strategies
  • Design key risk indicators, monitoring routines, and risk reports that drive better decisions
  • Connect ISO 31000 with ISO 27005, ISO 22301, and COSO ERM in an integrated risk architecture
  • Position ISO 31000:2018 inside a mature enterprise risk management capability that creates and protects value

Course content

26 sections, 31 lectures
  • What Is ISO 31000:2018 and Why It Matters (8:04)
    Explore ISO 31000:2018 Risk Management — Guidelines as the international reference document for designing, implementing, and improving risk management in any organization. Learn that ISO 31000 is a guidance standard, not a certifiable management system, meaning organizations adopt it to mature their risk practices rather than to achieve a certificate. Understand the structure of the document, which centers on three pillars — principles in Clause 4, framework in Clause 5, and process in Clause 6 — and how these pillars connect strategy to day-to-day decision making. Discover why boards, regulators, internal auditors, and senior management increasingly expect alignment with ISO 31000 across financial services, healthcare, energy, government, and technology sectors, and how the standard supports better decision making, stronger governance, and resilience in volatile environments.
  • The Evolution from ISO 31000:2009 to the 2018 Revision (11:50)
    Trace the development of ISO 31000 from its 2009 origin to the 2018 revision, learning how the discipline of risk management has shifted from a control-and-compliance activity to a value-creation discipline. Understand the key changes introduced in 2018, including a tighter focus on leadership, deeper integration with governance, a clearer set of principles, simpler language, and a more iterative process model. Examine how the 2018 revision reframes risk as the effect of uncertainty on objectives, encompassing both opportunities and threats. Learn how this evolution aligns ISO 31000 with the broader ISO management system structure and with the modern expectation that risk management should support strategy, resilience, and stakeholder trust rather than merely document hazards.
  • Essential Terms and Definitions in Risk Management (7:12)
    Master the core vocabulary defined in ISO Guide 73 and referenced throughout ISO 31000:2018, including risk, risk source, event, consequence, likelihood, risk owner, residual risk, inherent risk, risk criteria, risk appetite, and risk tolerance. Understand precisely how the standard distinguishes between risk identification, risk analysis, and risk evaluation as three discrete activities within risk assessment. Learn how terminology consistency enables clear communication across departments, with auditors, and across borders. Examine how concepts like uncertainty, vulnerability, and consequence interact to define a risk scenario, and why disciplined use of language is the first sign of a mature risk culture inside any organization.
  • ISO 31000 in Context — ISO 27005, ISO 22301, and COSO ERM (11:13)
    Compare ISO 31000:2018 with three closely related frameworks that risk managers encounter daily. Learn how ISO 27005 applies ISO 31000 principles specifically to information security risk, providing techniques for identifying threats to confidentiality, integrity, and availability. Understand how ISO 22301 addresses business continuity by treating disruption as a risk to organizational objectives, drawing on ISO 31000 for its risk assessment foundation. Examine how COSO Enterprise Risk Management — Integrating with Strategy and Performance complements ISO 31000 by emphasizing the link between risk and strategic decision-making in publicly traded environments. Discover how organizations integrate these frameworks rather than choose between them, creating a layered risk architecture that satisfies regulators, boards, and external auditors.
  • Section 1 Quiz: Foundations of ISO 31000:2018
  • Roleplay: Foundations of ISO 31000:2018

Requirements

  • Basic familiarity with how organizations are structured and governed
  • General understanding of business objectives, projects, and operations
  • Comfort reading professional documents and structured frameworks
  • No prior certification or formal risk management background required

Description

This course contains the use of artificial intelligence.

Risk has never been more central to organizational survival, and ISO 31000:2018 has become the global reference for how mature organizations think about, govern, and act on uncertainty. From cyber incidents and supply chain shocks to regulatory change and reputational crises, the discipline of risk management is now a board-level capability rather than a back-office function. This course gives you a rigorous, practical, and current understanding of the international guidance that underpins how risk is managed in financial services, healthcare, energy, government, technology, and beyond.

You will work through the full structure of ISO 31000:2018, starting with its scope, vocabulary, and history, and how it compares with ISO 27005, ISO 22301, and COSO ERM. You will study the eight principles in Clause 4 — integrated, structured and comprehensive, customized, inclusive, dynamic, best available information, human and cultural factors, and continual improvement — and see how each one shows up in real organizational behavior. You will master the risk management framework of Clause 5, including leadership and commitment, integration, design, implementation, evaluation, and improvement. You will then walk step by step through the risk management process in Clause 6, covering communication and consultation, scope, context and criteria, risk identification, risk analysis, risk evaluation, risk treatment, monitoring and review, and recording and reporting.

Along the way you will get a clear conceptual grounding in risk appetite and tolerance, risk criteria, risk matrices and heat maps, qualitative and quantitative analysis methods, bow-tie analysis, risk registers, treatment options of avoid, modify, share, and retain, key risk indicators, and the role of risk reporting at every level. You will see how all of these tools combine to form an integrated enterprise risk management capability that connects strategy, performance, and resilience.

This course is designed for risk managers, internal auditors, compliance officers, project managers, executives, and any professional accountable for risk oversight or decision-making. By the end you will be able to read ISO 31000:2018 fluently, apply it to your organization, and elevate the way risk is discussed in your boardroom. Enroll now and turn uncertainty into a strategic advantage.

Who this course is for:

  • Risk managers and enterprise risk professionals seeking ISO 31000:2018 mastery
  • Internal auditors evaluating risk management frameworks against international guidance
  • Compliance officers, governance leads, and quality professionals supporting risk programs
  • Project managers, program managers, and operational leaders accountable for risk in their domains
  • Senior managers, executives, and board members responsible for risk oversight and strategy