This Malaysian Standard provides principles and generic guidelines on risk management. This Malaysian Standard can be used by any public, private or community enterprise, association, group or individual. Therefore, this Malaysian Standard is not specific to any industry or sector. NOTE. For convenience, all the different users of this Malaysian Standard are referred to by the general term “organization”. This Malaysian Standard can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets. This Malaysian Standard can be applied to any type of risk, whatever its nature, whether having positive or negative consequences. Although this Malaysian Standard provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take int