Inside Internal Controls

News and discussion on implementing risk management

Explaining risk management in plain English

Can we practice risk management in plain English and help leaders make intelligent and informed decisions without even knowing that this is ‘risk management’?

I have been saying for a while that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.

Leaders of the organization speak in plain English about the achievement of corporate objectives such as earnings, profits, and projects.

Leaders of the risk management function talk about risks, impact or consequences, and sometimes in technobabble about terms that only risk practitioners and statisticians understand, such as ‘risk capacity’, ‘alpha’, and ‘residual risk’.

The traditional way of explaining the risk management process is (per ISO 31000):

  • Establish the context
  • Identify risks
  • Analyze risks
  • Evaluate risks
  • Treat risks
  • Communicate and consult (throughout the above)
  • Monitor and review (continuously)

Can this be translated into plain English, without using the ‘R’ word?

How about this?

  • Anticipate what might happen
  • Analyze the possibilities
  • Is there a problem? Can we do better?
  • What are the options? Can we improve them?
  • Which is best?
  • Decide
  • Act
  • Review/monitor/learn

I especially like the word ‘anticipate’. It’s better than talking about ‘uncertainty’, another word risk practitioners understand (I hope) but executives find difficult.

Isn’t risk management all about anticipating what might happen between where we are and where we want to be?

I welcome your thoughts.

Norman D. Marks, CPA, CRMA
Author, Evangelist and Mentor for Better Run Business
OCEG Fellow, Honorary Fellow of the Institute of Risk Management

Interested in reading more on the topic of risk management? You may be interested in reading one of Norman D. Marks’ previous blog posts Risk and how we run our business. In this post Mr. Marks uses a metaphor involving the board game of Monopoly to illustrate how he feels about risk management.

Occasional Contributors

In addition to our regular guest bloggers, the Inside Internal Controls blog, published by First Reference, provides occasional guest post opportunities to various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business-related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr.
