Risk management

A maturity model based on ISO 31000

Diogo Proenca, Joao Estevens, Ricardo Vieira, Jose Borbinha

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

3 Citations (Scopus)

Abstract

Risk Management, according to ISO Guide 73, is the set of 'coordinated activities to direct and control an organization with regard to risk'. In a nutshell, Risk Management is the business process used to manage risk in organizations. ISO 31000 defines a framework and process for risk management. However, implementing this standard without a detailed plan can become a burden on organizations. This paper presents a maturity model for the risk management process based on ISO 31000. The purpose of this model is to provide an assessment tool that organizations can use to determine their current risk management maturity level. The results can then be used to create an improvement plan that guides organizations to their target maturity level. This maturity model allows organizations to assess a risk management process against the best practices defined in risk management references. The maturity model can also be used as a reference for improving this process, since it sets a clear path for how a risk management process should be performed.

Original language: English
Title of host publication: Proceedings - 2017 IEEE 19th Conference on Business Informatics, CBI 2017
Editors: Babis Theodoulidis, Peri Loucopoulos, Yannis Manolopoulos, Jelena Zdravkovic, Oscar Pastor
Place of Publication: Piscataway
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 99-108
Number of pages: 10
Volume: 1
ISBN (Electronic): 9781538630341
DOIs: https://doi.org/10.1109/CBI.2017.40
Publication status: Published - 14 Aug 2017
Event: 19th IEEE Conference on Business Informatics, CBI 2017 - Thessaloniki, Greece
Duration: 24 Jul 2017 - 27 Jul 2017

Conference

Conference: 19th IEEE Conference on Business Informatics, CBI 2017
Country: Greece
City: Thessaloniki
Period: 24/07/17 - 27/07/17

Keywords

  • ISO 31000
  • Maturity Model
  • Risk Management

Cite this

Proenca, D., Estevens, J., Vieira, R., & Borbinha, J. (2017). Risk management: A maturity model based on ISO 31000. In B. Theodoulidis, P. Loucopoulos, Y. Manolopoulos, J. Zdravkovic, & O. Pastor (Eds.), Proceedings - 2017 IEEE 19th Conference on Business Informatics, CBI 2017 (Vol. 1, pp. 99-108). [8010711] Piscataway: Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CBI.2017.40
@inproceedings{6fdc2be20aec405e83882139387ccbb9,
title = "Risk management: A maturity model based on ISO 31000",
abstract = "Risk Management, according with the ISO Guide 73 is the set of 'coordinated activities to direct and control an organization with regard to risk'. In a nutshell, Risk Management is the business process used to manage risk in organizations. ISO 31000 defines a framework and process for risk management. However, implementing this standard without a detailed plan can become a burden on organizations. This paper presents a maturity model for the risk management process based on ISO 31000. The purpose of this model is to provide an assessment tool for organizations to use in order to get their current risk management maturity level. The results can then be used to create an improvement plan which will guide organizations to reach their target maturity level. This maturity model allows organizations to assess a risk management process according to the best practices defined in risk management references. The maturity model can also be used as a reference for improving this process since it sets a clear path of how a risk management process should be performed.",
keywords = "ISO 31000, Maturity Model, Risk Management",
author = "Diogo Proenca and Joao Estevens and Ricardo Vieira and Jose Borbinha",
note = "info:eu-repo/grantAgreement/FCT/5876/147295/PT# UID/CPO/04627/2013",
year = "2017",
month = "8",
day = "14",
doi = "10.1109/CBI.2017.40",
language = "English",
volume = "1",
pages = "99--108",
editor = "Babis Theodoulidis and Peri Loucopoulos and Yannis Manolopoulos and Jelena Zdravkovic and Oscar Pastor",
booktitle = "Proceedings - 2017 IEEE 19th Conference on Business Informatics, CBI 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}