ISO 31000:2009 is the international risk management standard. It differs from the many existing industry- or sector-based standards in that it is completely generic and can be applied to any organization of any size. It also differs markedly from standards that place their emphasis on compliance. ISO 31000 is objectives-centric, i.e. it is focused on the organization's objectives; compliance, although critical to all organizations, is therefore merely one of many company objectives.
COSO versus ISO
This is in sharp contrast to the COSO Enterprise Risk Management standard, which suggests that company objectives should be established based on the organization's risks, i.e. risks first, objectives second.
You can learn more about the ISO 31000 standard on the ERM 31000 website.