Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development.
This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management:
* The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and
* The very widespread use of qualitative risk assessment tools ("heat maps" etc.) which have absolutely no proven effectiveness.
Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.
