This has been a consistent message of mine for a long time. While I generally prefer not to talk about ‘risk’ because the four-letter word evokes a knee-jerk negative reaction from most business people (it is seen as a compliance exercise that gets in the way of running the business), everybody[1] understands the expression ‘taking a risk’. Leaders in every organization recognize that they need to take risks if they are to succeed.
The question is whether they really understand what they are doing: do they understand the risk (the range of potential effects and their likelihoods) and do they understand the rewards (again, the range of effects and their likelihoods).
This is where the risk practitioner[2] can help. They can use their tools and techniques to help decision-makers understand what might happen, given the context of what has happened and is happening.
XX
More recently, I have seen others take up much of this message.
Carol Williams is one of these individuals. Her website ERM Insights by Carol has some useful references (especially the list of thought leaders – thank you, Carol). But I especially like her recent post, Is Technology Risk Bigger than “Cyber” Risk? Here are some excerpts:
It’s not an earth-shattering thing to say that news of hacks, data breaches, and other technology…
