What is risk management? (extras for risk specialists)

What to read first: What is risk management?

Risk specialists

Depending on how you’ve come to this point, it’s possible you are bothered by something like one of these thoughts.

  • Why yet another definition of risk management?
  • Not having a codified standard risk management process with common scales is a recipe for chaos. At the very least, it’s a failure of the risk management initiative.
  • In my organisation, ‘risk management’ is an organisation unit. Possibly I’m in it and perhaps we are overloaded with productive work. I can’t accept this version of ‘risk management’ which says that only decision makers (‘line’ managers) manage risk.
  • If any of this is true, what could be the role of a Chief Risk Officer?

As a risk management specialist, you are vitally and personally concerned with the fundamental meaning of ‘risk management’. The drill-down articles (below the line) reveal the supports for the big statements I made in What is risk management?


Parent articles

What is risk management?

Risk is not a mysterious hypothetical substance. Unlike radioactive waste, it does not require a management system. You should never ask how much of it there is. Risk is nothing other than the possibility that your world might not end up the way you meant it to be. To manage risk is to understand and act on the effects of uncertainty on objectives. ‘Effects’ can be positive or negative. ‘Uncertainty’ includes all kinds of unknowns, including unknown unknowns. Risk management comes naturally from the human capacity to plan for the future with conscious actions. Risk management is not defined by any step-by-step process based on rules and templates. Risk management is simply ‘management’, with recognition of the effects of uncertainty.

Everyone Version 1.0 Beta

Drill-down articles

Reconciling definitions of risk management

Risk specialists Version 1.0 Beta

What is risk management? It’s not following a risk management process

Risk management is not defined by its methods. Risk registers, matrices, and bureaucracy are not part of ISO 31000. Registers and scales do not define Enterprise Risk Management either.

Risk specialists Version 1.0 Beta

What is risk management? It’s not what ‘risk managers’ do

If you are a risk specialist supporting management, you advise the decision makers and their teams on how to approach the organisational understanding of risk, and on taking action with that understanding. If you are a risk specialist at the governance level (as an audit and risk committee member, say), your primary advice and support will be directed to the board or CEO rather than to the management hierarchy underneath them. The Chief Risk Officer (CRO) is a risk specialist operating at the C-level, the top level of management below the board and directors.

Risk specialists Version 1.0 Beta

Drill-down articles

What is risk management? (CRMA supplement)

CRMA Version 1.0 Beta

Drill-down articles

What is risk management? (CRISC supplement)

CRISC Version 1.0 Beta

Main article on What is Risk Management?

Index to the series What is risk management?
