What is covered on Day 2 of the ISO 31000 course?

Day 2 is where ISO 31000 guidance shifts from concepts into the set-up work that determines whether risk management will be consistent in practice. The agenda positions this day as the bridge between principles and the detailed assessment steps that follow.The first focus area is the risk management framework. This is the organizational structure that supports risk work: how responsibilities are defined, how leadership commitment is expressed, and how risk information is used to support decisions. A framework also sets the conditions for repeatability across projects and business units.The day then addresses scope, context, and criteria for the risk management process. This step clarifies what objectives are in scope, which internal and external factors influence outcomes, and what evaluation criteria will be used. Criteria can include thresholds and decision rules that determine which risks require treatment and which can be accepted.The third topic is risk identification. Identification captures what could occur, how it could occur, and what consequences matter for the objective. The intent is to generate a usable set of risks that can later be analyzed and evaluated using the previously defined criteria.Day 2 is important because it reduces subjectivity. When teams share criteria and use a consistent identification approach, later analysis and evaluation steps are more defensible and easier to compare. The course then builds on this foundation on Day 3 by moving into risk analysis, evaluation, and treatment.