How does ‘risk management’ fit with all the other kinds of ‘management’? (Everyone)

Risk management is not just another dimension of management. It’s a dimension of all the other dimensions.

This article assumes you have read What is risk management? (Everyone), or that you have a basic understanding of risk management vocabulary.


Risk management is not just another dimension of management. It’s a dimension of all the other dimensions.

There are many different kinds of management in any organisation, no matter how small. Here are some well-known examples.

  • Performance management
  • Quality management
  • Financial management
  • Customer relationship management
  • Human resource management
  • Workplace health and safety management
  • Security management
  • Business continuity management

…and so on. There is also ‘risk management’. The question is how these different varieties of ‘management’ link together. Do they have any sort of hierarchy or priority order?

It is fairly obvious that all of these different kinds of management have a similar level of importance, to the extent that in their own way, are of them all essential. Each kind of management may be more or less explicit and formal according to the needs of the organisation and the local culture, but they will all exist as behaviours in the real world.

Risk management relates to the others in the following way.

For each of the types of ‘management’, there are different outcome objectives. Performance management aims to maximise performance, quality management supports quality objectives, and so on. Some of those objectives are in competition, in that one can only be achieved at the expense of another. All of those objectives are important.

Risk management is different. Risk management is simply understanding and acting on the effects of uncertainty on each of those separately important objectives.

Risk management is not a further competing type of objective. It is recognising and acting on the uncertainty of achieving those objectives that are important for their own reasons.

What sometimes competes with pursuing the agreed objectives is the need to limit exposure to certain negative outcomes that are best avoided. That type of avoidance objective may only receive attention under the heading of ‘risk management’, but it was always an objective in itself. It is not a separate kind of ‘risk management objective’.

Some of the types of ‘management’ may have their own administrative frameworks. For example, there may be a performance reporting framework. There will almost always be a financial administration framework, consisting of a well-defined system with links into budgets, ledgers, and payment processing. These frameworks are not the same as the performance objectives or financial objectives. They are merely part of the means chosen to help achieve those objectives. There may not be a comparable formal framework or system for managing work health and safety, even though health and safety objectives are no less important.

Risk management may have a separate and additional administrative framework, or even a networked system, all of which may be either helpful or destructive to the actual management of risk. As I have said elsewhere, the administrative framework should not be allowed to get in the way of actually managing risk.

This view of the relationship between risk management and other management frameworks is based on ISO 31000 and other authoritative sources in risk management. It might not be clear from secondary sources on topics such as project management or governance. In places like that you may see risk management as another item in a list of management considerations. That is misleading, and it’s why I wrote this article.

Further Reading

Main article on What is risk management? (Everyone)

Recommended next articles:

What separate activities are specific to ‘risk management’? (Everyone)

Activities specific to ‘risk management’ are typical activities specific to ‘management’, with special features. They also have special names, defined in places like ISO 31000. Different specialists assume different boundaries of ‘risk’.

Stream supplements: Risk Specialists Executives Australian Government CRMA CRISC

Drill-down articles:

What is risk management? Examples (Everyone)

Deciding strategy for an organisation with a mission Running operations Managing a work unit within an organisation Designing a facility for safety Designing an information system to meet integrity objectives Accounts payable system design Health and safety Regulating an industry or sector Speculating in the hope of a massive success Balancing investment returns and security Choosing between medical treatments Approving and managing a project Procurement of assets or services

What is risk management? Thinking too narrowly (Everyone)

Risk management is (not) expressing levels of risk on a standard scale. Introducing risk management is (not) implementing a standard ‘methodology’ for ‘risk management’. Risk management is (not) maintaining a central ‘risk register’ for all risks in an organisation. Risk management is (not) only about what can go wrong. Risk management is (not) only about events that may or may not occur. Risk management is (not) identifying the ‘top 3 risks’ (substitute your own number). Risk management is (not) understanding and acting on all risks in an enterprise (Enterprise Risk Management).

What is risk management? Less common errors (Everyone)

Risk (only) arises where there is non-compliance Risk (only) arises from change. Risk (only) arises where governance or control processes are not mature. Risk is (only) whatever can stop the plan from being executed. Risk management is (just) designing controls. Risk management is (not) workshops, consensus, and voting. Risk management is (not) about re-directing blame. Risk management can (not) be achieved by risk scoring. Risk management is (not) just a matter of monitoring. Risk management is (not) calculating the ‘expected’ loss or gain.

All pages on What is Risk Management?

Articles for everyone The goal of risk management (Everyone) Key Principles for actually managing risk (Everyone) How does ‘risk management’ fit with all the other kinds of ‘management’? What separate activities are specific to ‘risk management’? What is risk management? Examples What is risk management? Thinking too narrowly What is risk management? Less common errors
Supplements for reader streams
For Risk Specialists: What is risk management? (Specialists)
For CRMA Candidates: What is risk management? (CRMA)
For CRISC Candidates: What is risk management? (CRISC)
Extras for risk specialists: What is risk management? Reconciling definitions of risk management What is risk management? Definition of ‘risk’ (Specialists) What is risk management? Definition of ‘risk management’ (Specialists) What is risk management? Defining the end result of effective risk management (Specialists) What is risk management? It’s not following a risk management process What is risk management? It’s not what ‘risk managers’ do

Risk consequences as the final effect on objectives (LinkedIn – registration required)

For Executives: What is risk management? What matters for management (Executives)
For Australian Government readers: What is risk management? (Australian Government)

Leave a Reply

Your email address will not be published. Required fields are marked *