Risk management under ISO31000 provides an informed point for generic risk assessments to confirm the current controls for mitigating risks and consequences. The risk process spans horizontally from Inherent to Residual to Target Risks, whilst having depth that accounts for the consequences and controls associated with each risk.
You decide how much of the risk process should be dealt with, making it manageable as well as understandable for staff (for example you may prefer to not deal with Inherent Risk). This process allows a staged approach to be taken, adding more aspects later. The risk process leads to a series of fields that become populated and in turn reflected in KnowRisk®. Staff will become familiar with these fields according to the role they play in the process and become more knowledgeable about risk management through applying the process in their work.