Gems from the Principles of Risk Management

Checking out the draft standards for risk management proved to be more interesting than I thought. Expecting a quick ticket to the land of nod I was therefore pleasantly surprised at how useful they were. You should give them a read too.

Monday, October 31st 2011, 5:00AM 2 Comments

by Russell Hutchinson

Turn, for example, to the principles for managing risk, there are some gems:

Firstly, that risk management "creates value". That means we help people create value, and if we don't we don't do it. It is very reassuring to consumers to say "no unnecessary insurance sold by me".

Next up we find that it should be an "integral part of the organisational processes" whether you are selling to the lowliest of domestic clients or the largest of corporates, you want to become part of the process. We haven't sold any insurance yet, but what we want to do is sell the idea of considering risk management, and doing that with us.

Another favourite is that our process must ‘explicitly address uncertainty'. That means finding statistics and talking about the likelihood of real-world events. It means quantifying, not just randomly scaring people. This must be based on ‘the best available information' which is a great concept for both extracting good risk, product, and pricing, data from companies, and good health data from clients.

The service must be ‘tailored'. No sneaking around offering "class" services, you should actually offer a personalised service: because experience of risks varies a lot between people. That service must take human and cultural factors into account. Only standards bodies need to specify this, because in the real world where people don't do business with you if they don't like you much, you probably already do this quite well. But we don't mind a challenge - so how can you improve? Discussing the impact of events on clients is a good tool. Another is talking about risk events and staying quiet after you have asked them exactly how they will manage should one ever happen to them.

The final gem from the list had to be the requirement that the process is "dynamic, iterative, and responsive to change". In order to not worry about your risk management, you need to check it regularly.

« What is your IP and how do you protect it?

Who should be made to comply? »

Special Offers

Comments from our readers

On 31 October 2011 at 8:20 am Bazza said:

Becareful though. If you say you do 'risk management' make sure your not a one trick pony and only recommend transferring the risk via insurance everytime. There are many ways to skin a risk.

On 3 November 2011 at 8:46 am Russell Hutchinson said:

Indeed, after identification, assessment, and evaluation we have:

Avoid
Mitigate
Manage
Transfer
and Monitor

Commenting is closed

Printable version

Email to a friend