The International Organization for Standardization (ISO)
identifies the following principles of risk management:
create value (resources expended to mitigate risk should generally exceed the consequence of inaction, or the gain should exceed the pain)
be an integral part of organizational processes
be part of decision making
explicitly address uncertainty and assumptions
be systematic and structured
be based on the best available information
be tailorable
take into account human factors
be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement
be continually or periodically re-assessed