9.3 Management review

Section 9.3 of ISO 31000:2018 requires top management to conduct periodic reviews of the organization's risk-management framework and processes, assessing their effectiveness, alignment with strategic objectives, and adequacy of resources. The management review should consider performance metrics, audit results, emerging risks, and stakeholder feedback, and use the findings to direct improvements and corrective actions.