Greg Hutchins is the risk evangelist who coined the expression Future of Quality: Risk® and is the developer of Certified Enterprise Risk Manager® certificate.


ISO 31000: Enterprise Risk Management is the first and only book that describes ISO 31000 in terms of:

  • Architect the system. Architecting means determining which elements of the risk management framework, system, or process should be used and tailored based on the organizational context.
  • Design the system. Designing the system means determining how each element of the risk management process can be tailored to specific organizational stakeholders, customers, and interested parties.
  • Implement the system. Implementing means integrating the risk management framework and process into the organization’s general management system. This step is often a behavioral and cultural change in the project.
  • Assure the system. Assuring means risks are being controlled within the organization’s risk appetite and objectives are being met.


The ISO 31000 risk management framework is descriptive, not prescriptive. It describes in general terms the principles of risk management and the elements of a framework. The purpose of the framework is to integrate risk management into ISO management systems such as ISO 9001:2015 or ISO 14001:2015. ISO 31000 is written so an organization may tailor its components to its context and specific requirements.

ISO 31000: Enterprise Risk Management is adaptable to different organizations, contexts, statutes, and environments. Properly architected, designed, implemented, and assured, the ISO 31000: Enterprise Risk Management book offers you the following benefits:

  • Is an international standard that more than 60 countries have adopted as a national risk standard.
  • Is practical for the small- to medium-sized organization getting into Risk Based Thinking.
  • Can be applied and integrated into ISO management systems more easily than any other risk management framework.
  • Can be applied to organizations in almost any sector, maturity level, and capability level.
  • Is an open-ended guideline that is flexible and open to interpretation, so it can be applied universally.
  • Encourages proactive, preventive, preemptive, and predictive™ decision making rather than reactive management.
  • Identifies and treats risks throughout the enterprise.
  • Improves identification of upside risks (opportunities) and downside risks (threats).
  • Complies with legal and regulatory requirements.
  • Improves financial reporting.
  • Improves corporate governance, risk, and compliance (GRC).
  • Improves stakeholder confidence and trust.
  • Improves ‘Tone at the Top’ and other soft controls.
  • Establishes a reliable basis for risk-based problem solving and decision making.
  • Improves operational risk controls.
  • Allocates resources effectively and efficiently for risk management, treatment, and mitigation.
  • Improves operational effectiveness, efficiency, and economics.
  • Improves incident management and prevention.
  • Identifies and minimizes possible losses.
  • Is structured around the PDCA cycle that most operations, Six Sigma, and quality professionals understand.
  • Is a short standard that can be read easily and quickly.


ISO 31000: Enterprise Risk Management costs $69.00 plus $6.00 S/H in the US. Offshore shipping costs $25. Contact: or 503.233.1012 in the USA to order.


  1. Introduction
  2. ISO Risk Based Thinking
  3. ISO 31000 Risk Management Principles
  4. ISO 31000 Risk Concepts and Definitions
  5. ISO 31000 Framework for Managing Risk
  6. ISO 31000 Risk Management Process
  7. ISO 31010 Risk Assessment Tools and Techniques
  8. ISO 31000 Enhanced Risk Management
  9. Appendix
  10. Risk Glossary



Greg Hutchins is the principal engineer with Quality + Engineering. He has written a number of best-selling ISO 9001, supply management, and quality books.

I have been in quality for more than 30 years. I go back to the Mil Q (predecessor of ISO 9001) and Mil I (inspection) days of quality. I have been involved with Enterprise Risk Management (ERM) for a dozen years and product risk (FMEA) for almost 20 years. A little more background may also help:

  • Principal Engineer with Quality + Engineering, a Critical Infrastructure Protection: Forensics, Assurance, Analytics® engineering firm.
  • Risk engineer and consultant for global companies.
  • Developer of the Future of Quality: Risk slide deck that went viral on LinkedIn.
  • ISO 9001, ISO 14001, and ISO 27001 management systems consultant.
  • Lead instructor and consultant for one of the first North American certification bodies.
  • Author of a best-selling ISO 9001 book (translated into more than 8 languages).
  • Author of Value Added Auditing™, the first risk-based quality auditing and assurance book.
  • Author of multiple risk-based auditing books, which have been approved by national authorities.
  • Author of hundreds of quality and risk articles for ASQ, PMI, IEEE, IIE, QD, and many other journals.
  • Developer of Certified Enterprise Risk Manager® and other risk certificates.
  • Founder of CERM Risk Insights™ emagazine, with a circulation that is doubling each year.