1. International Organization for Standardization (ISO). (2018). ISO 31000:2018 Risk management — Guidelines.
Section 6.6, "Monitoring and review," states: "Monitoring and review should take place at all stages of the risk management process... The results of monitoring and review should be recorded and reported... and should also be used as an input to the review of the risk management framework." This describes a feedback mechanism.
Figure 4, "Process," visually depicts "Monitoring and review" as a central activity that runs parallel to all other process steps (Scope, Context, Criteria; Risk Assessment; Risk Treatment), reinforcing that it is not a single stage but a continuous, overarching function.
2. Lalonde, C., & Boiral, O. (2012). Managing risks through ISO 31000: A critical analysis. Risk Management, 14(4), 272-300.
Page 280: The authors discuss the iterative nature of the ISO 31000 process, noting that "monitoring and review... make it possible to ensure that the controls are effective and efficient in practice... and to learn lessons from events." This learning and adjustment function is the essence of a feedback loop. DOI: https://doi.org/10.1057/rm.2012.9
3. University of Queensland. (n.d.). Enterprise Risk Management Framework.
Section 4.2, "Risk Management Process": In its implementation of ISO 31000, the university's framework document describes monitoring and review as a step to "review and monitor risks, controls and treatments; and learn from experience." This learning aspect, which informs future risk management activities, is characteristic of a feedback loop.
