Comments on: Replacing Risk Management with Pure Awesomeness

By: Tom

Tom — Wed, 03 Jan 2007 19:02:09 +0000

I think we all practice “risk management”, to a certain extent. The issue is branding. People sometimes fear the risk manager as negative/bad/restricting. A well know company risk manager referrs to his work as “STEALTH” risk management. Somehow it is necessary to build the awareness and energy around managing the business which will inturn help to manage the risks.

Tom

By: Lawyers

Lawyers — Mon, 18 Dec 2006 17:03:25 +0000

Sometimes there is a greater liability in knowing the risk exist then not knowing. Risk is not always about the event itself. More frequently then should be, there are benefits it being ignorant or even pretending to be ignorant.
The lack of better integration between risk management, law, and market pressures, is where todays “IT” risk management exhibits its adolescents.

By: LonerVamp

LonerVamp — Wed, 13 Dec 2006 17:33:42 +0000

Definitely depends on the spin the company puts on things, even behind closed doors, and the impact of that incident. New Orleans made a risk management decision in their levee system to not withstand a category 4+ hurricane. Then one struck. Was there anything wrong with that risk assessment? Perhaps there was, but the evil in risk management is what happens when risk is managed/accepted and the unlikely events happen? Business has this weird “need” to always blame someone and “fix” that something, even for fluke, extraordinary incidents. That or credibility is diminished for years or longer.

At any rate, your first paragraph reminds me of an example I use a lot for security awareness and implementation. Most people know, deep inside, how easy it might be to break into their own house. But they tend not think about it and not do anything about it. Buy a home alarm system and get it set up? That is effort, time, and money, and thus they would rather not do that, and not even think about the incident. Of course, until it happens. I would bet that most people with security alarms (regular homes, not mansions and estates…) have them because of a past incident, not because of their inherent desire to prevent the incident in the first place.

By: Arthur

Arthur — Wed, 13 Dec 2006 16:13:02 +0000

Yes, somebody in Company A is probably going to be looking for a new job sooner rather than later, don’t you think? Company B, on the other hand? Instead, they’re saying, “Gee, who knew that could happen? How could we possibly have known?” Force Majure… Another day at the office…

Or the other way around. Company A knew about and accepted the risk and as a result had a plan for dealing with it should it become a problem and did so when the incident occurred. Whereas heads rolled at Company B because someone has to pay the price….

By: Pete

Pete — Wed, 13 Dec 2006 02:25:59 +0000

What are you drinking? I want some

Risk exists whether we know it or not. Even in the absence of active management, we are “managing risk” simply by accepting it, regardless of whether we are aware of it.

If we are exercising some sort of “due diligence” then somebody, somewhere must have determined what level of diligence was due. This, of course, is risk management. If we are “complying” with something, then somebody, somewhere must have decided what was necessary to comply. This, of course, is risk management. If we are “enabling” someone or something to do something else, then, well you guessed it – we must have managed risk in order to provide that capability.

Donn Parker’s article is hogwash all over and I was trying to illustrate one of the big reasons why with that quote about groupthink – somebody, somewhere MUST be doing risk management in order to get started. I apparently failed, but that’s life with my blog – I enjoy it anyway.

Now, an organization can assert its own right to evaluate its own risks, or it can rely on someone else’s judgement that relied on someone else’s judgement that relied on someone else’s judgement… and so on. In both cases, the folks are performing… wait for it…. RISK MANAGEMENT.