ISO 31000

The purpose of ISO 31000 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual."

A Draft International Standard (DIS), which was open for public comment, was published on February 17, 2017.

The risk management process as described in ISO 31000 can be applied to any activity, including decision-making at all levels.

Risk management process: systematic application of management policies, procedures and practices to the activities of communication, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

A similar definition was adopted in ISO 9001:2015 (Quality Management Systems [10]), in which risk is defined as "effect of uncertainty."

Subsequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes into the new paradigm addressed in the standard.

A detailed framework is described to ensure that an organization will have "the foundations and arrangements" required to embed needed organizational capabilities in order to maintain successful risk management practices.

Accordingly, senior position holders in an enterprise risk management organisation will need to be cognisant of the implications of adopting the standard and be able to develop effective strategies for implementing it, embedding it as an integral part of all organizational processes, including supply chains and commercial operations.