What is risk management? Reconciling definitions of risk management (Specialists)

This article assumes you have read What is risk management? (Everyone). It compares and reconciles definitions of risk management from different sources.

You may wonder why I offer yet another definition of risk management. My definition of risk management was:

To understand and act on the effects of uncertainty on objectives.

This definition simply collapses elements drawn from the ISO 31000 family into one line, and it is intended to be consistent with that Standard. The main collapsed elements from ISO are the definitions for risk, risk management, and the end result of effective risk management. In this section I present a reconciliation of definitions at those three levels, including comparison with other authorities such as COSO ERM.

You might doubt the conclusive supremacy of ISO 31000. Possibly you are more influenced by COSO ERM or some other standard. Perhaps you know what risk management means in your world, and don’t need any standards to tell you otherwise. I can’t disagree with those positions.

Objections to ISO 31000 are common, but the commonly voiced objections are not based on what the Standard actually says. There are some real problems with ISO 31000, but they are in the direction of incompleteness and opacity. They are not within the concepts of ‘risk’ and ‘risk management’.

Drill-down articles:

Definition of ‘risk’

Definition of ‘risk management’

Defining the end result of effective risk management
