Is there an easy to understand definiton of risk management?
Much has been written trying to answer the question, “what is risk management?”. But how much of that is useful?
Most literature on risk management takes an insurance perspective but that perspective doesn’t really help a manager trying to mitigate business risks.
Once identified, risks can be managed in one of four generic ways
- Avoidance (eliminate)
- Reduction (mitigate)
- Transfer (outsource or insure)
- Retention (accept and budget)
Obviously, the way you treat the risk will depend upon the type of risk you’ve identified.
So starting from the desired result, you can work backwards. A useful definiton of risk management is, “the process which aims to help organisations understand, evaluate and take steps to treat all their risks”.
How do you understand risk?
The simplest way we have found to understand risk is to put it in the context of the work being done. This means that your business process modelling and enterprise architecture needs to have a space for identifying the risks as they apply to each of the tasks, systems and departments involved in the process.
The reason for identifying risks in context is that it gives more focus to the question, “what is risk management?”
How do you assess risk?
The preferred method of assessing risk is by objective. Your business processes are the means through which your organisation creates value for your clients. So your strategic objectives need to be linked to your processes.
This allows you to very quickly identify the risks to achieving those objectives.
