WHAT IS RISK MANAGEMENT?
In common use, risk management is the general term used to describe the processes and systems used to deal with risk.
So understanding risk management, not surprisingly, requires understanding risk.
"Risk" is a very commonly used word with a meaning that continues to evolve. The Society considers that the definition of risk given in first international standard (published in 2009) on risk management ( ISO 31000) "the effect of uncertainty on objectives" is the most useful one.
This definition makes it clear that the key aspect of understanding risk is understanding the effect of an uncertain event on objectives. So, the "risk" isn't the chance of having a fire (for example) but the chance that value will be destroyed and or income flow disrupted should a fire occur - assuming preserving value and income flow were part of the objective.
From this, it can be seen that risk is particular to the objectives of the individual, organisation (or even society as a whole). Risk arises because those objectives are pursued against an uncertain background. Although individuals and organisations control their objectives, they cannot fully control or predict all the events that happen in environment in which they operate. It is these uncertain events, overlaid on the particular objectives, which generate risk.
Risk is usually characterised by describing both the effects or consequences and the chance of experiencing those consequences (known as "likelihood"). The level of any particular risk can be expressed by combining the two considerations (i.e. the potential consequence in terms of the objectives, and the likelihood of those consequences being experienced).
Because risk is directly linked to objectives, risk is not inherently "bad". Many objectives can only be achieved by being willing to accept at least some risk. If risk can be managed effectively, opportunities can be exploited and hazards avoided.
Small wonder then that it is beneficial for individuals, organisations and governments to become increasingly proficient at understanding risks and knowing whether, how and when to "treat" those risks in order to improve the chance of realising objectives.
So risk management provides a disciplined and structured way of describing what you want to achieve (objectives), working out what might affect that, how likely it is, deciding what systems and protocols to put in place to address those situations, and putting them in place. Good risk management also means two way communication with those affected, and continually monitoring what is going on.
The most common misconception about risk management is that its purpose is to avoid risk. In fact, its purpose is to make success more likely. As one commentator put it, "effective risk management allows you to run faster".
HOW "OBJECTIVES" CREATE RISKS
Example 1 - Living in Wellington
Some people live in Wellington for positive reasons to do with work, lifestyle, climate or being close to the body politic. This choice is made notwithstanding that about every 500 years or so, they and their city is highly likely to be subjected to sudden and very high ground accelerations when the Wellington earthquake fault next ruptures as a result of the continual build up of strain through movement of the earth's tectonic plates beneath. The risk that their objectives in living in Wellington could be thwarted by death, injury and massive disruption to day to day life is managed through building codes, resilient infrastructure, earthquake insurance and personal precautionary behaviours (such as storing a few days food and water and bolting down heavy furniture).
Example 2 - Investing in commercial ventures
Other people invest money in commercial ventures with the objective of generating wealth. They do this knowing that achieving this objective requires many things including; operating in competitive and regulated environments, establishing and preserving a good reputation, relying on expensive staff whose capabilities are not completely known, facing uncertain exchange rates and raw material costs, and not knowing exactly what the demand is for the organisation's products or services. The risks to the objective of generating wealth can be managed by, for example, sound market analysis and strategic planning, good governance, careful staff selection, continual monitoring of the external environment and responding in an agile way to change - in short by understanding and controlling risk.