Shapes for discrete risk management processes (Everyone)

This article continues from Discrete risk management processes within an enterprise (Everyone).


A discrete risk management process is generally tied to an area of activity or to a theme.

The usual ways of defining a discrete risk management process are:

  • to assess and manage risk for a particular area of activity (possibly the total activity of the enterprise), or
  • to assess and manage risk in an enterprise, or perhaps a community, relating to a specific type of risk theme.

Examples of each type are listed in the next article, and you’ll get there very soon. For explanatory purposes, changes and projects are counted as activities.

A risk theme may be worthy of its own separate risk assessment because of its apparent importance to enterprise objectives. Other drivers for thematic risk assessment are external. A thematic risk assessment is often required by regulation, by specific stakeholders, or for another compelling reason, independent of the enterprise objectives and independent of executives’ chosen approach to enterprise risk.

Sometimes a scoped risk management process is very tightly scoped to cover the critical intersection of a well-defined area of enterprise activity and a very specific type of risk. Examples include managing the uncertain returns arising from an investment portfolio, or managing the human safety risk arising from a type of aircraft or nuclear reactor. Risk assessments in this class are more likely to use quantitative techniques or formal mathematical models, not from preference, but because using them is both possible and warranted by the importance of the quantitative results.

It is valid and highly productive to scope risk management processes by activity or by theme. Regardless of how the scope of a discrete risk management process is shaped, it is unhelpful to allow continuing confusion about that scope. Such confusion is regrettably common in real-world risk management. It should be addressed as a matter of priority as soon as it appears. For example, the concept of a ‘legal’ risk assessment is baffling to me, so it is probably a good target for clarification everywhere. Simple questions can often reveal underlying confusion about the scope of seemingly straightforward risk management topics.

The scope of a discrete risk management process can be bounded by particular sources of uncertainty, or by the particular objectives subject to uncertainty. This point will be set out more fully in a later article. I strongly recommend scoping on objectives. The main benefit comes when forming an enterprise overview of risk from discrete risk management processes.

Further Reading

Main articles on the topic:

  1. Discrete risk management processes within an enterprise (Everyone)
  2. Shapes for discrete risk management processes (Everyone)
  3. Examples of discrete risk management processes (Everyone)
  4. Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)

Recommended next articles:

Examples of discrete risk management processes (Everyone)

  • The whole enterprise (Enterprise Risk Management)
  • A work unit within the organisation
  • A defined business process or system
  • A project, programme, or portfolio
  • A specific proposed change or initiative
  • Security risk
  • Fraud risk
  • Health and safety
  • Business continuity
  • ‘Legal’ risk

Some other main topics

What is Risk Management?

Coming soon: Scoping a risk management activity; ERM and RM; RM across an organisation, without a central register; Context setting, Objectives, expected and acceptable outcomes, priorities and tradeoffs.

All pages on ‘Discrete risk management processes within an enterprise’

Articles for everyone

  • Discrete risk management processes within an enterprise (Everyone)
  • Shapes for discrete risk management processes (Everyone)
  • Examples of discrete risk management processes (Everyone)
  • Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)

Supplements for reader streams
For Risk Specialists: Risk management processes within an enterprise (Risk Specialists)
For CRMA Candidates: Risk management processes within an enterprise (CRMA)
For CRISC Candidates: Risk management processes within an enterprise (CRISC)
Extras for risk specialists:

  • Vocabulary (Risk Specialists)
  • COSO and ISO 31000 on discrete risk management processes (Risk Specialists)
  • ERM and discrete risk management processes (Risk Specialists)

Risk consequences as the final effect on objectives (LinkedIn – registration required)

For Executives: Risk management processes within an enterprise (Executives)
For Australian Government readers: Risk management processes within an enterprise (Australian Government)
