This article is a rewrite of an article I originally wrote about six years ago on a now discontinued blog aptly titled “complexity risk management”. I am reviewing a paper on risk management and felt it relevant to update this post as an additional comment to one of my review points. Whenever I speak about … Continue reading Why I use a static and a dynamic phase in a risk management approach?
An interesting article on risk register obsolescence I recently read this article by Michael Werneburg which was subsequently updated here. The article deals with the evolution of risk management in organisations beyond the use of risk registers into a risk mature organisation. It restates and reiterates a number of points that have been made by … Continue reading Risk management maturity – moving beyond risk registers?
It has been quite a busy week, so I've not been able to write for the blog. I have, however, been reading a lot. While it was not primarily on my agenda, this article on risk management caught my eye. It makes a concise and very clear distinction between risks and risk sources. A recommended … Continue reading Risk versus risk sources
I wrote this article in 2012 for a foreign speaking engagement. It gives a short overview of risk management evolution in the Belgian federal government. When speaking about risk management, many people assume that the main drive started in 2004, after the publication of the long awaited COSO ERM. Quite often, public sector practices tend … Continue reading Looking back – Risk management in the Belgian federal public sector
What is a risk register? A risk register is an as complete as possible overview of all the risks that may potentially impact an activity, a process, a division or an entire organization within the scope of a risk assessment. What is the purpose of a risk register? A risk register is a tool to … Continue reading How to build a risk trigger list
We don't want to know what can go wrong When I'm looking at a risk management implementation from an audit point of view, I often worry about two fundamentally opposite problems. On the one hand, I note that quite often the risk identification exercise is not conducted to ensure completeness. Often heard excuses are: "we … Continue reading Too few risks are identified, too many are managed
The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations