Which of the following is NOT a component of ISO 31000?

ISO 31000 is a standard for risk management that provides guidelines and principles for establishing a risk management framework and process. The standard consists of several key components that are essential for effective risk management.

The principles of ISO 31000 emphasize the importance of integrating risk management into organizational processes, making it a strategic part of decision-making. The guidelines encompass the necessity of a clear scope for the risk management framework, which helps organizations determine how risk management will be applied, including the boundaries and context within which risks will be assessed.

Processes are fundamental to the standard as they describe the systematic approach to managing risks. This includes identifying risks, assessing their potential impacts, and implementing measures to mitigate them. Establishing defined processes ensures that organizations can respond effectively to risks.

While outcomes are the results or impacts of risk management activities, they are not explicitly outlined as a distinct component of ISO 31000. Instead, the focus of ISO 31000 is primarily on the framework and principles that guide risk management practices, rather than the specific results achieved through those practices. Thus, "outcomes" is the correct answer as it does not constitute one of the recognized components of ISO 31000.