Simple. Risk management means making decisions (to achieve a goal) when some things are still uncertain.
How Complicated is Managing Risk?
Not complicated at all. There are three easy steps:
- Establish all the relevant details about the decision you need to make.
- Identify everything that might happen (events) which could impact your goal.
  - The likelihood of the event(s) and the possible consequences.
  - The severity of the consequences (i.e. how much they will affect your goals).
  - Are the consequences tolerable?
- Make decisions considering all of the above to promote success and prevent failure.
These three steps appear below as they are taught in my ISO 31000 course. Each is preceded by its section number from the standard:
So Why All The Hullabaloo?
If you are trying to deploy a systematic approach to decision-making and integrate it throughout your organization, ISO 31000:2018 is for you! It will provide you with risk management definitions to create a common language for all your people; teach you how to create a framework that is tailored to your organization’s decision-making; and cover the process outlined above in far greater detail.