Tuesday, March 15, 2011

Why I'm writing this book

Risk management isn’t especially easy – but it isn’t that hard either. We manage risk every time we cross a road or drive a car, and mostly we do just fine. Such risk management practices are of course a far cry from managing risks for a large organization or for a nation, but even so, the processes for managing risk are not that hard to learn. This book is being written to show you, gentle reader, how, for a minimal investment of time, you can do exactly that.

ISO31000 tells us what to do – but not how to do it. I’ve been doing risk management professionally for a couple of decades now and I’m a big fan of it. Risk management has been an easy target for naysayers, and they can often justifiably point to cases where it is either overly complex or ineffective. The title alone of Douglas Hubbard’s book “The Failure of Risk Management” sums up how many people are feeling about risk management following the latest of many financial crises. But popular as this view may be, it’s misguided. Risk management isn’t overly complicated and it hasn’t failed us. We’ve simply failed to apply what we already collectively know about the topic – and, I might add, have largely failed to build on what we know with sound basic science and research. I wanted to redress this balance and share with you some of the more practical ways that you can apply sound risk management.

In November 2009, around the same time as the aforementioned global financial crisis was starting to really be felt, the International Organization for Standardization (ISO) finally released the long-awaited and, in some circles at least, eagerly anticipated first international risk management standard. ISO31000:2009 Risk Management – Principles and Guidelines (ISO 31000) has been developed with the input of subject matter experts from around the world, from a variety of disciplines and industries. The Standard aims to provide organizations with guidance and a common platform for managing different types of risks, from many sources, irrespective of the organizations’ size, type, complexity, structure, activities or location.

But does it succeed in this noble goal? Yes. And no. By the nature of a standard, it has to be brief and widely applicable. But that strength is also its weakness and that’s where this book comes in – the ‘how’ of ISO31000 can’t fit into a single book. I’ll have the luxury of a lot more pages than the 24 brief pages of ISO31000.

Hopefully I’ll achieve my goal of making risk management more accessible. You be the judge.
