ISO+31000风险管理国际标准

THISDOCUMENTISADRAFTCIRCULATEDFORCOMMENTANDAPPROVAL.ITISTHEREFORESUBJECTTOCHANGEANDMAYNOTBEREFERREDTOASANINTERNATIONALSTANDARDUNTILPUBLISHEDASSUCH.INADDITIONTOTHEIREVALUATIONASBEINGACCEPTABLEFORINDUSTRIAL,TECHNOLOGICAL,COMMERCIALANDUSERPURPOSES,DRAFTINTERNATIONALSTANDARDSMAYONOCCASIONHAVETOBECONSIDEREDINTHELIGHTOFTHEIRPOTENTIALTOBECOMESTANDARDSTOWHICHREFERENCEMAYBEMADEINNATIONALREGULATIONS.RECIPIENTSOFTHISDRAFTAREINVITEDTOSUBMIT,WITHTHEIRCOMMENTS,NOTIFICATIONOFANYRELEVANTPATENTRIGHTSOFWHICHTHEYAREAWAREANDTOPROVIDESUPPORTINGDOCUMENTATION.DRAFTINTERNATIONALSTANDARDISO/DIS31000©InternationalOrganizationforStandardization,2008INTERNATIONALORGANIZATIONFORSTANDARDIZATION•МЕЖДУНАРОДНАЯОРГАНИЗАЦИЯПОСТАНДАРТИЗАЦИИ•ORGANISATIONINTERNATIONALEDENORMALISATIONISO/PC992Votingbeginson:2008-04-01Secretariat:TMBVotingterminateson:2008-09-01Riskmanagement—PrinciplesandguidelinesonimplementationManagementdurisque—PrincipesetlignesdirectricesdemiseenapplicationICS03.100.01InaccordancewiththeprovisionsofCouncilResolution15/1993thisdocumentiscirculatedintheEnglishlanguageonly.ConformémentauxdispositionsdelaRésolutionduConseil15/1993,cedocumentestdistribuéenversionanglaiseseulement.Toexpeditedistribution,thisdocumentiscirculatedasreceivedfromthecommitteesecretariat.ISOCentralSecretariatworkofeditingandtextcompositionwillbeundertakenatpublicationstage.Pouraccélérerladistribution,leprésentdocumentestdistribuételqu'ilestparvenudusecrétariatducomité.LetravailderédactionetdecompositiondetexteseraeffectuéauSecrétariatcentraldel'ISOaustadedepublication.ISO/DIS31000ii©ISO2008–AllrightsreservedPDFdisclaimerThisPDFfilemaycontainembeddedtypefaces.InaccordancewithAdobe'slicensingpolicy,thisfilemaybeprintedorviewedbutshallnotbeeditedunlessthetypefaceswhichareembeddedarelicensedtoandinstalledonthecomputerperformingtheediting.Indownloadingthisfile,partiesacceptthereintheresponsibilityofnotinfringingAdobe'slicensingpolicy.TheISOCentralSecretariatacceptsnoliabilityinthisarea.AdobeisatrademarkofAdobeSystemsIncorporated.DetailsofthesoftwareproductsusedtocreatethisPDFfilecanbefoundintheGeneralInforelativetothefile;thePDF-creationparameterswereoptimizedforprinting.EverycarehasbeentakentoensurethatthefileissuitableforusebyISOmemberbodies.Intheunlikelyeventthataproblemrelatingtoitisfound,pleaseinformtheCentralSecretariatattheaddressgivenbelow.CopyrightnoticeThisISOdocumentisaDraftInternationalStandardandiscopyright-protectedbyISO.Exceptaspermittedundertheapplicablelawsoftheuser'scountry,neitherthisISOdraftnoranyextractfromitmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,photocopying,recordingorotherwise,withoutpriorwrittenpermissionbeingsecured.RequestsforpermissiontoreproduceshouldbeaddressedtoeitherISOattheaddressbeloworISO'smemberbodyinthecountryoftherequester.ISOcopyrightofficeCasepostale56CH-1211Geneva20Tel.+41227490111Fax+41227490947E-mailcopyright@iso.orgWeb©ISO2008–AllrightsreservediiiContentsPage16Foreword.........................................................................................................................................................iv17Introduction......................................................................................................................................................v181Scope...................................................................................................................................................1192Normativereferences.........................................................................................................................1203Termsanddefinitions.........................................................................................................................1214Principlesformanagingrisk..............................................................................................................1225Frameworkformanagingrisk............................................................................................................3235.1General................................................................................................................................................3245.2Mandateandcommitment..................................................................................................................4255.3Designofframeworkformanagingrisk............................................................................................4265.3.1Understandingtheorganizationanditscontext..............................................................................4275.3.2Riskmanagementpolicy....................................................................................................................5285.3.3Integrationintoorganizationalprocesses........................................................................................5295.3.4Accountability....................................