"ISO 31000 - the New, Streamlined Risk Management Standard," Forrester Research, Inc., 2010.

In the wake of massive risk management failures, regulators, rating agencies, executives, partners, and investors are expecting more from corporate risk managers. They will be asked to broaden the scope of their programs and to provide more detailed data and analysis to support better decision-making. Keeping up with these growing demands while the pace of business accelerates is beyond difficult - and industry guidance to help organize risk management efforts is a welcome development.

The International Organization for Standardization released the ISO 31000:2009 Risk management - Principles and guidelines standard, a well-crafted and straightforward framework explaining the elements of an effective risk management program.

This new standard is worthy of its early praise, but risk professionals must temper any expectations that it will dramatically change their discipline. Previous risk management frameworks, including the Committee of Sponsoring Organizations (COSO) Enterprise Risk Management (ERM) framework and the Australia/New Zealand 4360:2004 Risk Management Standard (AS/NZS 4360), gave similar guidance on risk management principles and processes; the primary difference with ISO 31000 is that it delivers its content more succinctly.

Download the report to learn more about modeling risk around the ISO 31000 framework.
