Risk Management Principles Part 1: ISO 31000:2009

Too many organisations use a risk process without understanding the principles that underlie effective risk management. But what are those principles? One place we might look for guidance is the international risk standard ISO 31000:2009 Risk Management – Principles and Guidelines, which includes a set of principles for us to consider. Each of these principles tells us something important about risk management, and together they set a challenging target for organisations who want to manage risk well.

Managing Risks in the Past

Risk management is about looking forwards, scanning the uncertain and unclear future in an attempt to discern what awaits us. It offers businesses, projects and individuals a “forward-looking radar”, identifying threats to be avoided and opportunities which might be captured. Even though the precise details of such uncertainties may remain unclear, the “risk radar” can make us aware of their location and size, helping us to formulate appropriate action plans in advance.

Don’t Just Decide – Do!

Five frogs are sitting on a log; four decide to jump off. How many frogs are on the log?

Which is the most difficult step in the risk management process? Where do most businesses and projects fail to gain the benefits of their attempts to manage risk proactively? If your organisation is typical, there’s one particular step where it all seems to go wrong, and the risk management process becomes just another frustrating hoop to jump through, with no tangible benefits.

Developing a Risk Culture

Several things help to make risk management work. These include a risk process that is simple and scalable, which can be applied across the organisation to manage all types of risk. We also need competent people, with the knowledge, skills and experience to deal with the risks that might arise. Infrastructure is also important, providing the tools to support risk management and handle significant amounts of risk data.

How to respond to risk? Grade Risk Mitigations

It is easy to understand why some people think that the risk response development phase is the most important part of the risk process. This is where we get the chance to make a difference to the risk exposure of our project. If we design and implement good risk responses to address the risks we have identified and assessed, we will be able to minimise threats and maximise opportunities, and so optimise the likelihood of achieving our objectives. But if our risk responses are ineffective (or not implemented), the level of risk exposure remains unchanged – or may even get worse!

Everybody Loves Brainstorming, but…

If you ask people which technique they use to identify risks, most will include brainstorming in the list, usually conducted as part of a facilitated workshop. Indeed for many, brainstorming is not just one technique among several; it’s the only one they use. Brainstorming is popular for a range of reasons:

  • Everybody feels involved, with an opportunity to share their opinion openly
  • It produces visible results quickly as the flipcharts fill up around the room

Risk is More Than Uncertain Future Events

We all know that risk management is supposed to manage risks. But people often understand very different things when they use the word “risk”. One way to solve this problem would be to insist that everyone uses the definitions found in risk standards and guidelines. These definitions have usually been produced by groups of experts who work hard to be clear, to say what they mean and to mean what they say. Unfortunately most people ignore official definitions when they manage risk in practice. Instead they rely on their own ideas about risk which are often limited or misleading. This in turn can reduce the effectiveness of the risk process and stop it delivering the full range of potential value.

Risk Matters – It’s all about objectives

The simplest definition of risk, “uncertainty that matters”, provides two simple tests for whether something is really a risk or not. The first and most obvious characteristic of a true risk is that it is uncertain. If something is a fact, constraint, requirement, problem or issue, then it is not a risk. However, not all uncertainties are risks, which brings us to the second test of a real risk: does it matter? The majority of uncertainties in the universe are not risks because they are irrelevant. The only reason we need to identify, understand and manage risks is if they matter.

Risk Management – One size does not fit all

Different projects are exposed to different levels of risk, so the project risk management process must be scalable to meet the varying degrees of risk challenge. While we can apply a common risk process to any project, that process can be implemented at different levels, from a few simple informal steps to a fully rigorous and integrated process.
