Welcome to a series of excerpts from our forthcoming book on how to apply the ISO 31000 Risk Management standard. Whether your focus is business management, leadership, safety, health, environment, security, insurance, business continuity, strategic analysis, financial risk, treasury management, compliance or something else entirely - if you're interested in risk, this is a book for you. We hope you like it and would love to hear your feedback.
Sunday, August 26, 2012
What is Risk Management?
I love the simplicity and inclusiveness of the ISO 31000 definition of risk ("the effect of uncertainty on objectives") and think it is probably the best of the many alternative definitions of risk on offer. On the other hand, the ISO 31000 definition of 'risk management' ("coordinated activities to direct and control an organization with regard to risk") leaves me more than a little underwhelmed. So, rather than just criticise it, I'd offer the following thoughts in support of a 'better'(?) definition.
If we accept the ISO 31000 definition of risk, does it not follow that 'managing risk' = 'managing the effect of uncertainty on objectives'?
We could take this argument further by suggesting that if we have objectives, we would like to achieve them. If that is the case, then we could define 'risk management' as 'reducing the effect of uncertainty on objectives'.
A quantitative analyst (quant) might suggest that risk management is all about reducing volatility, but that definition is still rather vague. With their focus on volatility and pricing, quants are more concerned with reducing something abstract than with achieving objectives, so a better view of managing risk might be something like: risk management = 'increasing the certainty of achieving objectives'.
And that gets my vote for a better definition of risk management. What do you think?
Spot on. Couldn't get simpler and more concise than that.
There is an ontological error in the ISO 31000 definition of risk.
It should be: "risk is the potential effect of uncertainty on objectives."
Your definition of risk management is very good and works even better with the corrected definition of risk!