How does ‘risk management’ fit with all the other kinds of ‘management’? (Everyone)

Risk management is not just another dimension of management. It’s a dimension of all the other dimensions.

This article assumes you have read What is risk management? (Everyone), or that you have a basic understanding of risk management vocabulary.

There are many different kinds of management in any organisation, no matter how small. Here are some well-known examples.

  • Performance management
  • Quality management
  • Financial management
  • Customer relationship management
  • Human resource management
  • Workplace health and safety management
  • Security management
  • Business continuity management

…and so on. There is also ‘risk management’. The question is how these different varieties of ‘management’ link together. Do they have any sort of hierarchy or priority order?

It is fairly obvious that all of these different kinds of management have a similar level of importance, to the extent that, in their own way, all of them are essential. Each kind of management may be more or less explicit and formal according to the needs of the organisation and the local culture, but they will all exist as behaviours in the real world.

Risk management relates to the others in the following way.

For each of the types of ‘management’, there are different outcome objectives. Performance management aims to maximise performance, quality management supports quality objectives, and so on. Some of those objectives are in competition, in that one can only be achieved at the expense of another. All of those objectives are important.

Risk management is different. Risk management is simply understanding and acting on the effects of uncertainty on each of those separately important objectives.

Risk management is not a further competing type of objective. It is recognising and acting on the uncertainty of achieving those objectives that are important for their own reasons.

What sometimes competes with pursuing the agreed objectives is the need to limit exposure to certain negative outcomes that are best avoided. That type of avoidance objective may only receive attention under the heading of ‘risk management’, but it was always an objective in itself. It is not a separate kind of ‘risk management objective’.

Some of the types of ‘management’ may have their own administrative frameworks. For example, there may be a performance reporting framework. There will almost always be a financial administration framework, consisting of a well-defined system with links into budgets, ledgers, and payment processing. These frameworks are not the same as the performance objectives or financial objectives. They are merely part of the means chosen to help achieve those objectives. There may not be a comparable formal framework or system for managing work health and safety, even though health and safety objectives are no less important.

Risk management may have a separate and additional administrative framework, or even a networked system, all of which may be either helpful or destructive to the actual management of risk. As I have said elsewhere, the administrative framework should not be allowed to get in the way of actually managing risk.

This view of the relationship between risk management and other management frameworks is based on ISO 31000 and other authoritative sources in risk management. It might not be clear from secondary sources on topics such as project management or governance. In places like that you may see risk management as another item in a list of management considerations. That is misleading, and it’s why I wrote this article.

