Wednesday, May 22, 2013

10 Principles of Risk Management from ISO 31000

  1. Creates value for objectives of health, reputation, profits, compliance, and so on, less the costs of risk management.
  2. Is an integral part of organizational processes including project management, strategic planning, auditing, and all other processes.
  3. Is part of decision making through analysis and evaluation to understand risk and determine its acceptability as treated.
  4. Explicitly addresses uncertainty and how it can be modified.
  5. Is systematic, structured and timely and produces repeatable and verifiable outcomes and decisions.
  6. Is based on the best available information including historical data, expert opinion, stakeholder concerns, and so forth, tempered with the quality and availability of the information.
  7. Is tailored to the organization, its objectives, its risks, and its capabilities.
  8. Takes human and cultural factors into account in addition to technical and other "hard" factors that impact the likelihood of consequences.
  9. Is transparent and inclusive so that communication and consultation with stakeholders and others keeps the risk management and risk criteria current and relevant.
  10. Is dynamic, iterative and responsive within a "continuous improvement" environment that responds to changes in context, trends, risk factors and other internal and external factors.
