Purpose
This paper proposes a multicriteria model for risk management to identify and assess risks associated with an integrated management system (IMS). The main benefit of the proposed model is its systemic and logical visualization, which may facilitate the understanding of this proposal's practical application.

Design/methodology/approach
The research design consists of four stages: (1) conduct a literature review to establish risk management models in IMS; (2) collect data concerning risk management models in IMS from a large multinational automotive company; (3) propose a multicriteria model to define and assess risks as well as prioritize mitigation actions; and (4) apply the proposed multicriteria model to the data collected in case-based research to evaluate the practical viability of the model as a contribution to the methods traditionally used.

Findings
The results showed that the proposed risk management model contributes to more reliable decision-making in an IMS. The application of the proposed model identified 85 risks in the total processes of the IMS, 31 of which were classified as high risk; thus, priority actions to be taken were defined. The risk classification and prioritization facilitated the implementation of measures to mitigate or eliminate risks, as pointed out by the company managers.

Research limitations/implications
One limitation is that specific knowledge is required to maintain and update the multicriteria decision-making tool used in this study. Another concerns the approach to managing risks under the different ISO standards and sector-specific requirements, since this may require updates and customization of the proposed risk management model.

Practical implications
The implementation of IMS in contemporary business environments can be supported by a robust risk management approach. In addition, it provides the leadership with a holistic view of multiple aspects related to a company and fosters continuous improvement.

Social implications
The social implications of this study are assessed indirectly. This study contributes to the improvement of company management models.

Originality/value
Traditionally, the methods used for risk management in IMS are applied independently of techniques such as failure mode and effect analysis. The model developed in this work enables risks to be managed continuously to achieve a systemic view of organizational issues and greater transparency of the processes.