Which of the following is a common framework used for risk management?

ISO 31000 is widely recognized as a common framework for risk management. It provides guidelines and principles for creating a risk management process that is integrated into an organization's governance structure and decision-making processes. This framework emphasizes the importance of establishing a risk management culture and ensures that the process aligns with the organization's strategic objectives.

ISO 31000 outlines a systematic approach to identify, assess, and manage risks, enabling organizations to better anticipate and mitigate risks while also taking advantage of opportunities. It is suitable for various sectors and can be tailored to meet the specific needs of organizations, making it a versatile tool in the field of risk management.

While other frameworks like ISO 9001 focus on quality management, NIST SP 800-53 offers guidelines primarily for security and privacy within information systems, and COBIT is aimed at governance and management of enterprise IT, ISO 31000 stands out specifically for its comprehensive approach to risk management across diverse environments. This makes it particularly relevant and useful for organizations seeking to establish or improve their risk management practices.