How does ‘risk management’ fit with all the other kinds of ‘management’?

Risk management is not just another dimension of management. It’s a dimension of all the other dimensions

What to read first: Key principles for actually managing risk What is risk management?


Risk management is not just another dimension of management. It’s a dimension of all the other dimensions

There are many different kinds of management in any organisation, no matter how small. Here are some well-known examples.

  • Performance management
  • Quality management
  • Financial management
  • Customer relationship management
  • Human resource management
  • Workplace health and safety management
  • Security management
  • Business continuity management

…and so on. There is also ‘risk management’. The question is how these different varieties of ‘management’ link together. Do they have any sort of hierarchy or priority order?

It is fairly obvious that all of these different kinds of management have a similar level of importance, to the extent that in their own way, are of them all essential. Each kind of management may be more or less explicit and formal according to the needs of the organisation and the local culture, but they will all exist as behaviours in the real world.

Risk management relates to the others in the following way.

For each of the types of ‘management’, there are different outcome objectives. Performance management aims to maximise performance, quality management supports quality objectives, and so on. Some of those objectives are in competition, in that one can only be achieved at the expense of another. All of those objectives are important.

Risk management is different. Risk management is simply understanding and acting on the effects of uncertainty on each of those separately important objectives.

Risk management is not a further competing type of objective. It is recognising and acting on the uncertainty of achieving those objectives that are important for their own reasons.

What sometimes competes with pursuing the agreed objectives is the need to limit exposure to certain negative outcomes that are best avoided. That type of avoidance objective may only receive attention under the heading of ‘risk management’, but it was always an objective in itself. It is not a separate kind of ‘risk management objective’.

Some of the types of ‘management’ may have their own administrative frameworks. For example, there may be a performance reporting framework. There will almost always be a financial administration framework, consisting of a well-defined system with links into budgets, ledgers, and payment processing. These frameworks are not the same as the performance objectives or financial objectives. They are merely part of the means chosen to help achieve those objectives. There may not be a comparable formal framework or system for managing work health and safety, even though health and safety objectives are no less important.

Risk management may have a separate and additional administrative framework, or even a networked system, all of which may be either helpful or destructive to the actual management of risk. As I have said elsewhere, the administrative framework should not be allowed to get in the way of actually managing risk.

This view of the relationship between risk management and other management frameworks is based on ISO 31000 and other authoritative sources in risk management. It might not be clear from secondary sources on topics such as project management or governance. In places like that you may see risk management as another item in a list of management considerations. That is misleading, and it’s why I wrote this article.

Next article for Everyone

What separate activities are specific to ‘risk management’?

Activities specific to ‘risk management’ are typical activities specific to ‘management’, with special features. They also have special names, defined in places like ISO 31000. Different risk specialists assume different boundaries of ‘risk’.

Everyone Version 1.0 Beta

Previous article for Everyone

Key principles for actually managing risk

Risk management is simply ‘management’, with recognition of the effects of uncertainty. ‘Treating a risk’ means doing something different, not turning a knob. Risks are managed by managers, not risk specialists.

Everyone Version 1.0 Beta

Parent articles

What is risk management?

Risk is not a mysterious hypothetical substance. Unlike radioactive waste, it does not require a management system. You should never ask how much of it there is. Risk is nothing other than the possibility that your world might not end up the way you meant it to be. To manage risk is to understand and act on the effects of uncertainty on objectives. ‘Effects’ can be positive or negative. ‘Uncertainty’ includes all kinds of unknowns, including unknown unknowns. Risk management comes naturally from human capacity to plan for the future with conscious actions. Risk management is not defined by any step by step process based on rules and templates. Risk management is simply ‘management’, with recognition of the effects of uncertainty.

Everyone Version 1.0 Beta

Main article on What is Risk Management?

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments are moderated from a sea of spam, so may not be published immediately. Email contact may get a quicker response.