Vocabulary for ‘risk management process’ (Risk Specialists)

Clear Lines on Audit and Risk uses the term ‘discrete risk management process’ to refer to an identifiable application of risk management that has a defined context and scope. A discrete risk management process would typically have its own risk register. It may also have its own risk criteria.

  • This usage of ‘risk management process’ appears in ISO 31000, for instance at 5.3.1. It is not exactly the same as the definition of ‘risk management process’ given in ISO Guide 73:2009 3.1, which suggests (though not clearly) that a ‘process’ is something generalizable across varying risk management exercises. Within an organisation, a ‘process’ may be prescribed by a set of rules, for repeated application to different risk assessments. That would be the other meaning of ‘process’.
  • A ‘discrete risk management process’ is very close to, but not identical with, the concept of a ‘risk management activity’ in HB 436. HB 436 (at 5.3.4.1) is talking about a breakdown within ‘a’ risk management activity, whereas Clear Lines is talking about discrete and independent areas of risk management within an organisation (on any scale).
  • If we are talking about an ‘application of risk management’ we are necessarily assuming some level of formality in the process and some use of theory specific to ‘risk management’. The real-world choices for responding to the effects of uncertainty are not necessarily made through the ‘application of risk management’ in this narrower sense.

Further Reading

Main articles on the topic:

  1. Discrete risk management processes within an enterprise (Everyone)
  2. Shapes for discrete risk management processes (Everyone)
  3. Examples of discrete risk management processes (Everyone)
  4. Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)

Recommended next articles:

COSO and ISO 31000 on discrete risk management processes (Risk Specialists)

COSO ERM and ISO 31000 do not recognise discrete risk management processes within an enterprise.

Some other main topics

What is Risk Management?

Coming soon: Scoping a risk management activity; ERM and RM; RM across an organisation, without a central register; Context setting, Objectives, expected and acceptable outcomes, priorities and tradeoffs.

All pages on ‘Discrete risk management processes within an enterprise’

Articles for everyone:

  • Discrete risk management processes within an enterprise (Everyone)
  • Shapes for discrete risk management processes (Everyone)
  • Examples of discrete risk management processes (Everyone)
  • Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)

Supplements for reader streams
For Risk Specialists: Risk management processes within an enterprise (Risk Specialists)
For CRMA Candidates: Risk management processes within an enterprise (CRMA)
For CRISC Candidates: Risk management processes within an enterprise (CRISC)
Extras for risk specialists:

  • Vocabulary (Risk Specialists)
  • COSO and ISO 31000 on discrete risk management processes (Risk Specialists)
  • ERM and discrete risk management processes (Risk Specialists)

Risk consequences as the final effect on objectives (LinkedIn – registration required)

For Executives: Risk management processes within an enterprise (Executives)
For Australian Government readers: Risk management processes within an enterprise (Australian Government)
