An Analysis of Risk Management Processes and Comparison with ISO31000:2018

  • Hakimah Hamir
  • Rabihah Md. Sum


The risk management literature documents a variety of risk management processes. ISO 31000:2018 groups risk identification, risk analysis and risk evaluation under risk assessment. The step after risk assessment is risk treatment, and the final step is risk monitoring and review. The Institute of Risk Management's Risk Management Standard groups risk identification, description and estimation under risk assessment. COSO defines risk identification as event identification, which identifies both risks and opportunities. This study explores and analyses risk management processes. It seeks to understand the steps in risk management processes and whether those steps follow the steps outlined by the ISO 31000:2018 risk management process. The study finds a variety of risk management processes developed by previous studies. A risk management process can be as simple as a four-step process or as comprehensive as a twenty-three-step process. Regardless of the number of steps, ultimately there are four common steps in the risk management processes: risk identification, risk analysis, risk treatment, and monitoring and review. The findings of this study enhance knowledge of risk management processes. Each risk management process is unique to a particular business or area of application. Despite this uniqueness, however, the study finds that the risk management processes use the sequence of the risk management process outlined by ISO 31000:2018 as their basis; the differences lie in the terms and descriptions of the steps in the process.


Abdul Rahman, N., Yaacob, Z., & Mat Radzi, R. (2016). The Challenges Among Malaysian SME: A Theoretical Perspective. World Journal of Social Sciences, 6(3), 124–132.
Abu Bakar, W. (2019). Risk Management Of Agriculture Project To Achieve Production Output: A Case Study On A Rockmelon Farm. Universiti Sains Islam Malaysia.
Barafort, B., Mesquida, A. L., & Mas, A. (2019). ISO 31000-Based Integrated Risk Management Process Assessment Model for IT Organizations. Journal of Software: Evolution and Process, 31(1).
Baranoff, E., Brockett, P. L., & Kahane, Y. (2009). Risk Management For Enterprises And Individuals. Flat World Knowledge, L.L.C.
Bensaada, I., & Taghezout, N. (2019). An Enterprise Risk Management System for SMEs: Innovative Design Paradigm And Risk Representation Model. Small Enterprise Research, 26(2), 179–206.
Crane, L., Gantz, G., Isaacs, S., Jose, D., & Sharp, R. (2013). Introduction To Risk Management: Understanding Agricultural Risk (2nd ed.). Extension Risk Management Education and Risk Management Agency.
Demek, K. C., Raschke, R. L., Janvrin, D. J., & Dilla, W. N. (2018). Do Organizations Use A Formalized Risk Management Process To Address Social Media Risk? International Journal of Accounting Information Systems, 28, 31–44.
Duong, L. (2009). Influence Of Risk Management In Operations Of Small-Medium Enterprises And Micro Companies: A Case Study For Viope Solutions Ltd. Arcada University of Applied Sciences.
Ekwere, N. (2016). Framework Of Effective Risk Management In Small And Medium Enterprises (SMEs): A Literature Review. Bina Ekonomi, 20(1), 23–46.
Falkner, E. M., & Hiebl, M. R. W. (2015). Risk Management In SMEs: A Systematic Review Of Available Evidence. The Journal of Risk Finance, 16(2), 122–144.
Gorzeń-Mitka, I. (2015). Risk Management In Small And Medium-Sized Enterprises: A Gender-Sensitive Approach. Problems of Management in the 21st Century, 10(2), 77–87.
ISO Guide 73:2009(en), Risk management — Vocabulary. (n.d.). Retrieved June 23, 2021, from
Md. Sum, R. (2015). Risk Prioritisation (RP): A Decision Making Tool For Risk Management (Issue December). Macquarie University.
Md. Sum, R., & Hamir, H. (2019). Sole Proprietor Micro Enterprise Risks and Risk Mitigation Techniques. In K. Mohd Noor, N. H. Ab Aziz, & M. Jober (Eds.), National Conference on the Humanities and Social Sciences (NACOSS) Proceeding (p. 17).
Moeller, R. R. (2007). COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework. John Wiley & Sons.
Naude, M. J., & Chiweshe, N. (2017). A Proposed Operational Risk Management Framework For Small And Medium enterprises. South African Journal of Economic and Management Sciences, 20(1).
Panigrahi, A. K. (2012). Risk Management In Micro, Small and Medium Enterprises (MSMEs) In India: A Critical Appraisal. Asia Pacific Journal of Marketing & Management Review, 1(4), 59–72.
Ramly, E. F., & Osman, M. S. (2018). Development Of Risk Management Framework - Case Studies. Proceedings of the International Conference on Industrial Engineering and Operations Management, 2542–2551.
Srinivas, K. (2019). Process of Risk Management. In Perspectives on Risk, Assessment and Management Paradigms (pp. 0–16). IntechOpen.
Technical Committee ISO/TC 262. (2018). ISO 31000:2018(en) Risk management — Guidelines. International Organization for Standardization.
The Institute of Risk Management. (2002). A Risk Management Standard.
Verbano, C., & Venturini, K. (2013). Managing Risks In SMEs: A Literature Review And Research Agenda. Journal of Technology Management and Innovation, 8(3), 186–197.
Zoghi, F. S. (2017). Risk Management Practices And SMEs: An Empirical Study On Turkish SMEs. International Journal of Trade, Economics and Finance, 8(2), 123–127.
How to Cite
HAMIR, Hakimah; MD. SUM, Rabihah. An Analysis of Risk Management Processes and Comparison with ISO31000:2018. Asian Journal of Research in Business and Management, [S.l.], v. 3, n. 4, p. 16-30, dec. 2021. Available at: <>. Date accessed: 21 may 2022.