Principles of Risk Management for schools

ISO 31000:2009 Risk Management

Risk management (RM) is:

  • a systematic process of threat identification, assessment and control
  • which seeks to prevent or minimise the potential consequences to school activities
  • without diminishing the curriculum’s intent.


Principle 1: Risk management creates and protects value.

Risk management contributes to the demonstrable achievement of objectives and improvement of performance in, for example, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management, efficiency in operations, governance and reputation.

Principle 2: Risk management is an integral part of all organizational processes.

Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization. Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes.

Principle 3: Risk management is part of decision making.

Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.

Principle 4: Risk management explicitly addresses uncertainty.

Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed.

Principle 5: Risk management is systematic, structured and timely.

A systematic, timely and structured approach to risk management contributes to efficiency and to consistent, comparable and reliable results.

Principle 6: Risk management is based on the best available information.

The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgement.

However, decision makers should inform themselves of, and should take into account, any limitations of the data or modelling used or the possibility of divergence among experts.

Principle 7: Risk management is tailored.

Risk management is aligned with the school’s external and internal context and risk profile.

Principle 8: Risk management takes human and cultural factors into account.

Risk management recognises the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the school’s objectives.

Principle 9: Risk management is transparent and inclusive.

Appropriate and timely involvement of stakeholders and, in particular, decision makers at all levels of the school, ensures that risk management remains relevant and up-to-date. Involvement also allows stakeholders to be properly represented and to have their views taken into account in determining risk criteria.

Principle 10: Risk management is dynamic, iterative and responsive to change.

Risk management continually senses and responds to change. As external and internal events occur, context and knowledge change, monitoring and review of risks take place, new risks emerge, some change, and others disappear.

Principle 11: Risk management facilitates continual improvement of the school.

Schools should develop and implement strategies to improve their risk management maturity alongside all other aspects of their school.