June 15, 2016
Risk Management, in Plain English
by Norman Marks
One reason for the disconnect between senior executives and risk practitioners is that the latter speak in technobabble.
For a while, I have been saying that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.
Leaders of the organization speak in plain English about the achievement of corporate objectives such as earnings, profits and projects.
Leaders of the risk management function talk about risks, impact or consequences and sometimes talk in technobabble about terms that only risk practitioners and statisticians understand, such as “risk capacity,” “alpha” and “residual risk.”
See also: How to Remove Fear in Risk Management
The traditional way of explaining the risk management process is (per ISO 31000):
- Establish the context
- Identify risks
- Analyze risks
- Evaluate risks
- Treat risks
- Communicate and consult (throughout the above)
- Monitor and review (continuously)
Can this be translated into plain English?
How about this:
- Anticipate what might happen
- Analyze the possibilities
- Ask: Is there a problem? Can we do better?
- What are the options? Can we improve them?
- Which is best?
I especially like the work anticipate. It’s better than talking about “uncertainty,” another word that risk practitioners understand (I hope) but that executives find difficult.
See also: How Risk Management Drives Up Profits
Isn’t risk management all about anticipating what might happen between where we are and where we want to be?
I welcome your thoughts.
Can we practice risk management in plain English and help leaders make intelligent and informed decisions without even knowing that this is “risk management”?