The output should make the tradeoff visible enough for someone else to inspect, challenge, and act on.
risk, governance, compliance & technology framework
Apply risk communication, context, assessment, treatment, monitoring and recording.
quick answer
ISO 31000 Risk Process is a flowchart for Risk management. It turns the decision into named fields, evidence, and a visible iso 31000 risk process worksheet / visual.
The output should make the tradeoff visible enough for someone else to inspect, challenge, and act on.
Apply risk communication, context, assessment, treatment, monitoring and recording.
Use COSO ERM Framework when its output is closer to the conversation you need: Structure governance, strategy, performance, review and information around risk.
worked example
A filled example is easier to understand than a blank template. Use it to see the shape before applying the framework to your own case.
A filled example so you can see the shape before applying ISO 31000 Risk Process to your own context.
A filled example so you can see the shape before applying ISO 31000 Risk Process to your own context.
generate yours
Start Ask PL with the framework, required inputs, and your context. It will ask for missing details, render the flowchart, and explain what decision the output should change.
Apply ISO 31000 Risk Process to my situation. Context: [Decision, audience, options, evidence, and constraints.] Use the ISO 31000 Risk Process structure: - Start/end: - steps: - decisions: - flows: Ask only for missing inputs that would change the output. Then render the flowchart and name the decision it should change.
how to use it
Use the framework to change a decision, not to fill a worksheet. Start narrow, add evidence, then inspect what the iso 31000 risk process worksheet / visual makes clearer.
Write the concrete risk management choice, tradeoff, or conversation the framework should change.
Fill the important slots: Start/end, steps, decisions, flows.
Mark what is measured, what comes from customers, and what is still judgment.
End with the next move, the riskiest assumption, or the evidence that would change the iso 31000 risk process worksheet / visual.
quality check
Use this check after the artifact is filled. Blank fields are not failure; they are the next research question. Look for concrete evidence, missing constraints, and assumptions that would change the next move.
The framework needs a concrete decision. Broad intent turns it into a worksheet, not a decision aid.
Good framework output makes assumptions visible enough for someone else to challenge.
The diagram is useful only if it changes the next product conversation.
common mistakes
Do not use ISO 31000 Risk Process as a worksheet. Name the choice, conversation, or tradeoff the output should change.
Separate measured facts, customer evidence, and leadership judgment so weak assumptions stay visible.
If the diagram does not match the decision, switch frameworks instead of stretching the boxes.
The framework should clarify the next move. It should not replace strategy, sequencing, or judgment.
use something else when
Structure governance, strategy, performance, review and information around risk.
Assess control environment, risk assessment, control activities, information/communication and monitoring.
Classify risks by likelihood and impact/severity.
faq
Apply risk communication, context, assessment, treatment, monitoring and recording.
Business context; objectives; available evidence; stakeholder judgment
ISO 31000 Risk Process worksheet / visual
Use ISO 31000 Risk Process when the decision matches this job: Apply risk communication, context, assessment, treatment, monitoring and recording.
Avoid it when you need COSO ERM Framework's output instead: Structure governance, strategy, performance, review and information around risk.
It is both: a structure for thinking and a visible flowchart that makes the decision easier to inspect.
A good input names the real decision, uses concrete evidence, and separates facts from assumptions.
Use the iso 31000 risk process worksheet / visual to choose the next move, name the riskiest assumption, or decide what evidence would change the call.
Use COSO ERM Framework when the real output you need is closer to: Structure governance, strategy, performance, review and information around risk.
Yes. Describe your context and Ask PL can ask for missing inputs, render the flowchart, and explain what decision it should change.