In his article ‘Reasonable approach to risk management’, Zern Liew draws our attention to the issue of managing business risk from a governance perspective. He asks the question; what does doing a good job at risk management actually mean?

In my o…

Like the universal tendency towards entropy.

I think the underlying issue here is the different definitions and understandings of risk.

Risk means different things to a manager from an accounting/finance/traditional business background, a manager from an infosec/national security background, and one from a design background.

This means a manager needs to be selected carefully to suit the business. There is no one-size-fits-all. What is reasonably acceptable to one manager is not to another.

You have picked a grey one here! (As often you do.) I have one experience where I watched the managing director of a company ‘risk manage’ a once creative, innovative company into a timid, reactionary former shell of itself.

By all observed accounts this manager was fiscally diligent, managed corporate governance issues without fault and would probably make the claim that they had done everything reasonable that can be expected to protect the business.

To this manager a ‘risk’ was something to be avoided rather than managed. Risks were seen as the things which could go wrong with the ’status-quo’ and these were indeed managed well. Businesses however need to take risks, to pro-actively go out and do things which are risky or the rewards will never come.

Of course risk need to be managed but doing the best for a business means creating those risks just as much as managing them!

Robert Rath