What is risk management? (extras for risk specialists)

What to read first: What is risk management?
Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

Depending on how you’ve come to this point, it’s possible you are bothered by something like one of these thoughts.

  • Why yet another definition of risk management?
  • Not having a codified standard risk management process with common scales is a recipe for chaos. At the very least, it’s a failure of the risk management initiative.
  • In my organisation, ‘risk management’ is an organisation unit. Possibly I’m in it and perhaps we are overloaded with productive work. I can’t accept this version of ‘risk management’ which says that only decision makers (‘line’ managers) manage risk.
  • If any of this is true, what could be the role of a Chief Risk Officer?

As a risk management specialist, you are vitally and personally concerned with the fundamental meaning of ‘risk management’. The drill-down articles (below the line) reveal the supports for the big statements I made in What is risk management?

Drill-down articles

What is risk management? Reconciling definitions of risk management

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

What is risk management? It’s not following a risk management process

Risk management not defined by its methods. Risk registers, matrices, and bureaucracy are not part of ISO 31000. Registers and scales do not define Enterprise Risk Management either.

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

What is risk management? It’s not what ‘risk managers’ do

If you are a risk specialist supporting management, you advise the decision makers and their teams on how approach the organisational understanding of risk, and on taking action with that understanding. If you are risk specialist at the governance level (as an audit and risk committee member, say), your primary advice and support will be directed to the board or CEO rather than to the management hierarchy underneath them. The Chief Risk Officer (CRO) is a risk specialist operating at the C-level, the top level of management below the board and directors.

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

What is risk management? (CRMA supplement)

For CRMA candidates (IIA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRMA Study Guide.

What is risk management? (CRISC supplement)

For CRISC candidates (ISACA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRISC Study Guide.

Parent articles

What is risk management?

Risk is not a mysterious hypothetical substance. Unlike radioactive waste, it does not require a management system. You should never ask how much of it there is. Risk is nothing other than the possibility that your world might not end up the way you meant it to be. To manage risk is to understand and act on the effects of uncertainty on objectives. ‘Objectives’ are the preferred outcomes of an activity. ‘Effects’ can be positive or negative. ‘Uncertainty’ includes all kinds of unknowns, including unknown unknowns. ‘Act on’ includes many kinds of response. Risk management comes naturally from human capacity to plan for the future with conscious actions. Risk management is not defined by any step by step process based on rules and templates. Risk management is simply ‘management’, with recognition of the effects of uncertainty.

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Index to the topic What is Risk Management?

Leave a Reply

Your email address will not be published. Required fields are marked *