This article is a rewrite of an article I originally wrote about six years ago on a now discontinued blog aptly titled “complexity risk management”. I am reviewing a paper on risk management and felt it relevant to update this post as an additional comment to one of my review points. Whenever I speak about … Continue reading Why I use a static and a dynamic phase in a risk management approach?
An interesting article on risk register obsolescence I recently read this article by Michael Werneburg which was subsequently updated here. The article deals with the evolution of risk management in organisations beyond the use of risk registers into a risk mature organisation. It restates and reiterates a number of points that have been made by … Continue reading Risk management maturity – moving beyond risk registers?
It has been quite a busy week, so I've not been able to write for the blog. I have, however, been reading a lot. While it was not primarily on my agenda, this article on risk management caught my eye. It makes a concise and very clear distinction between risks and risk sources. A recommended … Continue reading Risk versus risk sources
I wrote this article in 2012 for a foreign speaking engagement. It gives a short overview of risk management evolution in the Belgian federal government. When speaking about risk management, many people assume that the main drive started in 2004, after the publication of the long awaited COSO ERM. Quite often, public sector practices tend … Continue reading Looking back – Risk management in the Belgian federal public sector
What is a risk register? A risk register is an as complete as possible overview of all the risks that may potentially impact an activity, a process, a division or an entire organization within the scope of a risk assessment. What is the purpose of a risk register? A risk register is a tool to … Continue reading How to build a risk trigger list
We don't want to know what can go wrong When I'm looking at a risk management implementation from an audit point of view, I often worry about two fundamentally opposite problems. On the one hand, I note that quite often the risk identification exercise is not conducted to ensure completeness. Often heard excuses are: "we … Continue reading Too few risks are identified, too many are managed
The risk management context often lacks clear boundaries One of the challenges of risk management is that its context is for all practical purposes unlimited. Risk management is about dealing with all the potential risks an organization can be exposed to, covers the entire scope of activities of that organization and all activities deemed relevant … Continue reading Risk and contextual limitations
Introduction We 've established in the prior two parts of this series of posts that current EWRM practices may lead to situations in which the original and ultimately responsible parties, the process owners, become disenfranchised and no longer own the responsibility of managing risks to their objectives, although this is a key responsibility. Process owners … Continue reading The state of EWRM part III – Essential EWRM practices
Introduction Here's an often heard remark in organizations: we want risk management, but we cannot or will not yet make the full required effort. Well, if that is the starting position, the best thing the person charged with the project of implementing risk management can do is hand back that project to the project owner … Continue reading Management challenges in implementing real risk management
The other side of the coin A couple of days ago, I wrote an article on risk acceptance and how it actually requires a lot of work in terms of contingency planning. Of course, there is another side to that coin. The curse of middle management What is the scope of your responsibility? How able … Continue reading Adequate risk management requires responsibility and response-ability