ISO 31000 would allow proactive risk management. However, instead, it focuses on the identification of risk before its occurrence. It involves a risk that makes its occurrence anticipated and mitigative, which means an organization can react not only when the risk occurs but also when it will be occurring.
ISO 31000 enables an organization to make risk-based decisions-that indeed develops in response to business complexities. A good standard will, therefore, show an organization how to grade the risks using the propensity they are likely to occur and the impact of consequences, so organizations are led to make better decisions.