Keywords:
risk management
organizational resilience
business continuity
Latin America
governance

  • Abstract

    This paper highlights the crucial role of adopting ISO 31000 as a comprehensive and flexible risk management standard for organizations throughout Latin America. ISO 31000 provides a globally recognized framework for tackling various challenges, such as regulatory pressures, economic fluctuations, and operational inefficiencies. By embedding risk management into day-to-day operations and strategic decision-making, organizations can strengthen their resilience and improve decision-making processes. The study examines key elements of ISO 31000, such as risk identification, assessment, and response strategies, which include mitigation, transfer, acceptance, or elimination. It stresses the importance of stakeholder engagement to ensure effective communication and consultation at every phase. The iterative nature of risk management outlined in ISO 31000 promotes continuous improvement and alignment with organizational objectives. Through a qualitative analysis of case studies from Peru, Mexico, and Brazil in both the public and private sectors, this paper demonstrates how organizations adapt ISO 31000 to their specific economic, cultural, and legal contexts. These adaptations enhance risk visibility, build stakeholder trust, and support long-term sustainability. The findings reveal significant benefits, such as improved business continuity and a better capacity to address financial and operational uncertainties. Despite its adaptability, the successful implementation of ISO 31000 requires addressing regional challenges, including resource constraints and evolving regulations. The paper calls for ongoing training and awareness efforts to ensure the framework's widespread adoption and effectiveness. In conclusion, ISO 31000 is an essential tool for strengthening risk management practices, empowering Latin American organizations to navigate uncertainties and achieve sustainable growth.

  • References

    1. Abdymomunov, A., & Mihov, A. (2019). Operational risk and risk management quality: Evidence from US bank holding companies. Journal of Financial Services Research, 56(1), 73-93.
    2. Abel Bernal, Carlos Rosen, Enrique Yacuzzi y Espedito Passarellla. (2011). Ideas innovadoras para una mejor práctica de negocios. Revistas de temas de managment, 3, 12.
    3. Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk assessment framework for cloud computing environments. Security and Communication Networks, 7(11), 2114-2124.
    4. AL-kiyumi, R. K., AL-hattali, Z. N., & Ahmed, E. R. (2021). Operational risk management and customer complaints in Omani banks. Journal of Governance and Integrity, 5(1), 200-210.
    5. Arena, M., Arnaboldi, M., & Azzone, G. (2010). The organizational dynamics of enterprise risk management. Accounting, Organizations and Society, 35(7), 659-675.
    6. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1-13.
    7. Aven, T. (2017). How some types of risk assessments can support resilience analysis and management. Reliability Engineering & System Safety, 167, 536-543.
    8. Aven, T., & Renn, O. (2010). Risk management and governance: Concepts, guidelines and applications (Vol. 16). Springer Science & Business Media.
    9. Barafort, B., Mesquida, A. L., & Mas, A. (2018). Integrated risk management process assessment model for IT organizations based on ISO 31000 in an ISO multi-standards context. Computer Standards & Interfaces, 60, 57-66.
    10. Barafort, B., Mesquida, A. L., & Mas, A. (2019). ISO 31000‐based integrated risk management process assessment model for IT organizations. Journal of Software: Evolution and Process, 31(1), e1984.
    11. Baranoff, E.G. (2001), “The risk balls game: transforming risk and insurance into tangible concepts”, Risk Management and Insurance Review, Vol. 4 No. 2, pp. 51-58.
    12. Berger, A. N., Curti, F., Mihov, A., & Sedunov, J. (2022). Operational risk is more systemic than you think: Evidence from US bank holding companies. Journal of Banking & Finance, 143, 106619.
    13. Björnsdottir, S. H., Jensson, P., Thorsteinsson, S. E., Dokas, I. M., & de Boer, R. J. (2022). Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk. Sustainability, 14(9), 4937.
    14. Borek, A., Parlikad, A. K., Webb, J., & Woodall, P. (2013). Total information risk management: maximizing the value of data and information assets. Newnes.
    15. Borghesi, A., & Gaudenzi, B. (2012). Risk management: How to assess, transfer and communicate critical risks (Vol. 5). Springer Science & Business Media.
    16. Brooks, N. (2003). Vulnerability, risk and adaptation: A conceptual framework. Tyndall Centre for climate change research working paper, 38(38), 1-16.
    17. Chapman, C., & Ward, S. (2003). Project risk management processes, techniques and insights. John Wiley & Sons Ltd.
    18. Cokins, G. (2009). Performance management: Integrating strategy execution, methodologies, risk, and analytics. John Wiley & Sons.
    19. Cooper, H. M. (1988). Organizing knowledge synthesis: A taxonomy of literature reviews. Knowledge in Society, 1(1), 104-126.
    20. Curti, F., Gerlach, J., Kazinnik, S., Lee, M., & Mihov, A. (2023). Cyber risk definition and classification for financial risk management. Journal of Operational Risk, 18(2).
    21. Dafikpaku, E., Eng, M. B. A. B., & Mcmi, M. (2011, March). The strategic implications of enterprise risk management: A framework. In ERM Symposium (Vol. 48).
    22. Djapic, M., Lukic, L., & Pavlovic, A. (2016). Technical product risk assessment: standards, integration in the erm model and uncertainty modeling. International Journal for Quality Research, 10(1), 159.
    23. Douglas, M. (2020). Risk as a forensic resource. In Risk Management (pp. 1-16). Routledge.
    24. Duque-Grisales, E., & Aguilera-Caracuel, J. (2021). Environmental, social and governance (ESG) scores and financial performance of multilatinas: Moderating effects of geographic international diversification and financial slack. Journal of Business Ethics, 168(2), 315-334.
    25. Earle, T. C. (2010). Trust in risk management: A model‐based review of empirical research. Risk Analysis: An International Journal, 30(4), 541-574.
    26. Edwards, P., & Bowen, P. (2013). Risk management in project organisations. Routledge.
    27. Fan, Y., & Stevenson, M. (2018). A review of supply chain risk management: definition, theory, and research agenda. International journal of physical distribution & logistics management, 48(3), 205-230.
    28. Fernández Sanz, Luis; Bernad Silva, Pedro. (2014). Gestión de riesgos en proyectos de desarrollo de software en España: estudio de la situación. Revista Facultad de Ingeniería Universidad de Antioquia, núm. 70, 233-243.
    29. Fink, A. (2005). Conducting research literature reviews: From the Internet to paper. Sage Publications.
    30. Gallati, R. R. (2022). Risk management and capital adequacy. McGraw-Hill.
    31. Green, B. N., Johnson, C. D., & Adams, A. (2006). Writing narrative literature reviews for peer-reviewed journals: Secrets of the trade. Journal of Chiropractic Medicine, 5(3), 101-117.
    32. Haimes, Y. Y. (2005). Risk modeling, assessment, and management. John Wiley & Sons.
    33. Haimes, Y. Y. (2011). Risk modeling, assessment, and management. John Wiley & Sons.
    34. Hardjomidjojo, H., Pranata, C., & Baigorria, G. (2022, July). Rapid assessment model on risk management based on ISO 31000: 2018. In IOP Conference Series: Earth and Environmental Science (Vol. 1063, No. 1, p. 012043). IOP Publishing.
    35. Hart, C. (1998). Doing a literature review: Releasing the social science research imagination. Sage Publications.
    36. Hassani, B., & Hassani, B. K. (2016). Scenario analysis in risk management. Springer International Publishing Switzerland.
    37. Hiles, A. (2012). Enterprise risk management. The definitive handbook of business continuity management, 1-21.
    38. Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
    39. Hubbard, D. W. (2020). The failure of risk management: Why it's broken and how to fix it. John Wiley & Sons.
    40. Hutchins, G. (2018). ISO 31000: 2018 enterprise risk management. Greg Hutchins.
    41. Huurne, E. T., & Gutteling, J. (2008). Information needs and risk perception as predictors of risk information seeking. Journal of risk research, 11(7), 847-862.
    42. IRM. (2018). Standard Deviations: A Risk Practitioners Guide to ISO 31000. Institude of Risk Management.
    43. ISO, I. (2009). Risk management–Principles and guidelines. International Organization for Standardization, Geneva, Switzerland.
    44. ISO. (2018). Risk management - Guidelines. Geneva: International Organization for Standardization (ISO).
    45. Jaafari, A. (2001). Management of risks, uncertainties and opportunities on projects: time for a fundamental shift. International journal of project management, 19(2), 89-101.
    46. Kucuk Yilmaz, A., Flouris, T., Yilmaz, A. K., & Flouris, T. (2017). Enterprise risk management in terms of organizational culture and its leadership and strategic management. Corporate risk management for international business, 65-112.
    47. Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
    48. Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC press.
    49. Leitch, M. (2010), “ISO 31000:2009 – the new international standard on risk management: Perspective”, Risk Analysis, Vol. 30 No. 6, pp. 887-892.
    50. Leveson, N. (2015). A systems approach to risk management through leading safety indicators. Reliability engineering & system safety, 136, 17-34.
    51. Luneau, A., & Fourniau, J. M. (2021). Involving stakeholders in the risk regulation process: the example of ANSES. Journal of Risk Research, 24(6), 740-755.
    52. MacDonald, N. E., Smith, J., & Appleton, M. (2012). Risk perception, risk management and safety assessment: what can governments do to increase public confidence in their vaccine system?. Biologicals, 40(5), 384-388.
    53. Marchetti, A. M. (2011). Enterprise risk management best practices: From assessment to ongoing compliance. John Wiley & Sons.
    54. Martínez Hernández, Rosalba, & Pastor Pérez, María del Pilar. (2018). Relationship between risk and innovation: Risk perception by project managers. Journal of technology management & innovation, 13(2), 94-103.
    55. Monahan, G. (2008). Enterprise risk management: A methodology for achieving strategic objectives. John Wiley & Sons.
    56. Nandemar, D. (2024). Fraud risk judgments performance: The role of audit technology, task structure, and auditor competence. Multidisciplinary Science Journal, 6(9), 2024180-2024180.
    57. National Research Council, Division on Earth, Life Studies, Board on Environmental Studies, & Committee on Improving Risk Analysis Approaches Used by the US EPA. (2009). Science and decisions: advancing risk assessment.
    58. O'Malley, P. (2013). Risk and responsibility. In Foucault and political reason (pp. 189-207). Routledge.
    59. Oyede, S. A., & Aderibigbe, F. O. (2022). Moderating Effect of Internal Control Activities on Risk Assessment and Performance of Insurance Companies in Nigeria. Gusau International Journal of Management and Social Sciences, 5(1), 1-18.
    60. Pakhchanyan, S. (2016). Operational risk management in financial institutions: A literature review. International Journal of Financial Studies, 4(4), 20.
    61. Palmer, C. L. (2005). Scholarly work and the shaping of digital access. Journal of the American Society for Information Science and Technology, 56(11), 1140-1153.
    62. Poljanšek, K., Casajus Valles, A., Marin Ferrer, M., De Jager, A., Dottori, F., Galbusera, L., ... & Wood, M. (2019). Recommendations for national risk assessment for disaster risk management in EU. Luxembourg, Publications Office of the European Union.
    63. Power, M. (2004). The risk management of everything. The Journal of Risk Finance, 5(3), 58-65.
    64. Power, M. (2007). Organized uncertainty: Designing a world of risk management. Oxford University Press, USA.
    65. Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press. The goal of using process metrics is to improve the quality and efficiency of the design, implementation and results of a process.
    66. Rasmussen, J., & Suedung, I. (2000). Proactive risk management in a dynamic society. Swedish Rescue Services Agency.
    67. Renn, O. (1998). The role of risk perception for risk management. Reliability engineering & system Safety, 59(1), 49-62.
    68. Renn, O. (2017). Risk governance: coping with uncertainty in a complex world. Routledge.
    69. Renn, O. (2020). Risk communication: Insights and requirements for designing successful communication programs on health and environmental hazards. In Handbook of risk and crisis communication (pp. 80-98). Routledge.
    70. Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
    71. Saeidi, P., Saeidi, S. P., Sofian, S., Saeidi, S. P., Nilashi, M., & Mardani, A. (2019). The impact of enterprise risk management on competitive advantage by moderating role of information technology. Computer standards & interfaces, 63, 67-82.
    72. Salmeron, J. L., & Lopez, C. (2010). A multicriteria approach for risks assessment in ERP maintenance. Journal of systems and software, 83(10), 1941-1953.
    73. Sanchez, H., Robert, B., Bourgault, M., & Pellerin, R. (2009). Risk management applied to projects, programs, and portfolios. International journal of managing projects in Business, 2(1), 14-35.
    74. Saunders, A., Cornett, M. M., & Erhemjamts, O. (2021). Financial institutions management: A risk management approach. McGraw-Hill.
    75. Schuitema, G., & Hooks, T. (2024). Promoting voluntary risk detection behaviour: an intervention study based on trending social norms combined with emotional appeals. Journal of Risk Research, 1–16.
    76. Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of business research, 104, 333-339.
    77. Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. Nist special publication, 800(30), 800-30.
    78. Stulz, R. M. (2008). Risk management failures: What are they and when do they happen?. Journal of Applied Corporate Finance, 20(4), 39-48.
    79. Tiwari, S., Sharma, P., Choi, T. M., & Lim, A. (2023). Blockchain and third-party logistics for global supply chain operations: Stakeholders’ perspectives and decision roadmap. Transportation Research Part E: Logistics and Transportation Review, 170, 103012
    80. Tranfield, D., Denyer, D., & Smart, P. (2003). Towards a methodology for developing evidence‐informed management knowledge by means of systematic review. British Journal of Management, 14(3), 207-222.
    81. Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2006). Formulating information systems risk management strategies through cultural theory. Information Management & Computer Security, 14(3), 198-217.
    82. Van Der Vegt, G. S., Essens, P., Wahlström, M., & George, G. (2015). Managing risk and resilience. Academy of Management Journal, 58(4), 971-980.
    83. Van Greuning, H., & Bratanovic, S. B. (2020). Analyzing banking risk: a framework for assessing corporate governance and risk management. World Bank Publications.
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright (c) 2025 The Authors

How to cite

Lizarzaburu, E., Chavez, M., Garcia , C., Noriegac, E., & Tinoco, D. (2025). ISO 31000 guide: Steps used in all types of organizations in Latin American Countries. Multidisciplinary Reviews, 8(7), 2025212. https://doi.org/10.31893/multirev.2025212
Crossref
Scopus
Google Scholar
Europe PMC
  • Article viewed - 2589
  • PDF downloaded - 1183