Decision-based Risk Management | Norman Marks on Governance, Risk Management, and Audit


WARNING: This is likely to be a controversial post!

I have been talking (OK, preaching) about the need to manage the likelihood of achieving objectives (i.e., success) rather than limiting yourself and the organization by managing or mitigating risks. You need to take risks if you ever want to achieve objectives; the key is taking the right level of the right risks. I especially dislike managing individual risks, or a silo of risks, absent the context of what we are trying to achieve as an organization.

To repeat: we need to take the right level of the right risks for success.

That’s a top-down approach to risk management.

But there is another dimension to risk management.

Both ISO 31000 and COSO ERM talk about the need for intelligent decision-making, where leaders understand:

  • Where they stand
  • Whether that is a problem
  • What might happen going forward, both risks and opportunities
  • The best path to follow, balancing or weighing risks and potential reward

I recently did a video presentation on this topic that will be shown as part of the RAW 2020 conference in a couple of months.

The idea is that if risk practitioners want to help people make informed and intelligent decisions, they must:

  • Understand what decisions (especially crucial decisions for success) are to be made, both strategic and tactical
  • Make it…
