Shapes for discrete risk management processes

A discrete risk management process is generally tied to an area of activity or to a theme.

What to read first: Discrete risk management processes within an enterprise

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

A discrete risk management process is generally tied to an area of activity or to a theme.

The usual ways of defining a discrete risk management process are

  • to assess and manage risk for a particular area of activity (possibly the total activity of the enterprise), or
  • to assess and manage risk in an enterprise, or perhaps a community, relating to a specific type of risk theme.

Examples of each type are listed in the next article, and you’ll get there very soon. For explanatory purposes, changes and projects are counted as activities.

A risk theme may be worthy of its own separate risk assessment because of its apparent importance to enterprise objectives. Other drivers for thematic risk assessment are external. A thematic risk assessment is often required by regulation, by specific stakeholders, or for another compelling reason, independent of the enterprise objectives and independent of executives’ chosen approach to enterprise risk.

Sometimes a scoped risk management process is very tightly scoped to cover the critical intersection of a well-defined area of enterprise activity and a very specific type of risk. Examples include managing the uncertain returns arising from an investment portfolio, or managing the human safety risk arising from a type of aircraft or nuclear reactor. Risk assessments in this class are more likely to use quantitative techniques or formal mathematical models, not from preference, but because using them is both possible and warranted by the importance of the quantitative results.

It is valid and highly productive to scope risk management processes by activity or by theme. Regardless of how the scope of a discrete risk management process is shaped, it is unhelpful to allow continuing confusion about that scope. Such confusion is regrettably common in real-world risk management. It should be addressed as a matter of priority as soon as it appears. For example, the concept of a ‘legal’ risk assessment is baffling to me, so it is probably a good target for clarification everywhere. Simple questions can often reveal underlying confusion about the scope of seemingly straightforward risk management topics.

The scope of a discrete risk management process can be bounded by particular sources of uncertainty, or by the particular objectives subject to uncertainty. This point will be set out more fully in a later article. I strongly recommend scoping on objectives. The main benefit comes when forming an enterprise overview of risk from discrete risk management processes.


Next article for Everyone

Examples of discrete risk management processes

The whole enterprise (Enterprise Risk Management) A work unit within the organisation A defined business process or system A project, programme, or portfolio A specific proposed change or initiative Security risk Fraud risk Health and safety Business continuity ‘Legal’ risk

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Parent articles

Discrete risk management processes within an enterprise

Risk management happens across the whole of any enterprise, whether or not it is formalised and explicit. A risk management process has a scope and objectives. There may be multiple discrete risk management processes across the enterprise. Any discrete risk management process needs to have a definite scope. Discrete and independent risk management processes are the work-horses within formal risk management, even if they are not recognised at all in ISO 31000 or COSO ERM.

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Index to the topic Discrete risk management processes within an enterprise

Leave a Reply

Your email address will not be published. Required fields are marked *