5.2 Communication and Consultation
Can we demonstrate communication and consultation with external
and internal stakeholders at all stages of the risk management
process?
Can we demonstrate we have considered internal and external
context, factors and how they relate to the scope of the particular risk
management process?
5.3.5 Defining Risk Criteria
Have we defined the criteria to be used to evaluate the significance of
risk?
5.4.2 Risk Identification
Have we identified sources of risk, areas of impact and their causes
and potential consequences?
Have we applied risk identification tools and techniques?
Do we use people with appropriate knowledge for risk identification?
Do we have processes to consider causes and sources of risks, their
consequences and the likelihood of the consequences to occur?
Do we compare the level of risk found during analysis process (5.4.3)
to our risk criteria to determine the need for treatment or further
analysis?
5.5.2 Selection of Risk Treatment Options
Do we have processes for selecting treatment options that consider
stakeholders, legal, regulatory and context?
Do we have processes to identify new risks introduced through
treatment?
Does the treatment plan identify priority order for risk treatments?
ISO 31000:2009 risk management – principles and guidelines checklist
4
ISO 31000:2009 RISK MANAGEMENT – PRINCIPLES AND GUIDELINES CHECKLIST