Show Notes
Main points
Let’s discuss the confusion entrained by the supposed risk ID methods set out in conventional literature:
· interviews and surveys, questionnaires
· audits, physical inspection
· brainstorming
· networking with peers, industry groups
· judgemental - speculative, conjectural, intuitive
· history, failure analysis
· examination of personal experience or past agency experience
· incident, accident and injury investigation
· scenario analysis
· decision trees
· SWOT analysis
· flow charting, system design review
· work breakdown structure
Conclusions
We find that the items in this list are a hodgepodge of (often problematic) procedures, mere ways of thinking with no associated process, and examinations of risks already matured (compliance breaches, accidents and incidents that occurred in the past).
I surmise that the reason for such dismal survey results extended over years (see Episode 1) is that managers who had no experience in risk ID tried it without clear methods or definitions, and so quickly became disillusioned with the quality of the results. Make sure you understand the pitfalls and deficiencies of random “methods”.
Following upon the very definition of risk given in the standards, a complete methodology is required. We present High Quality Risk Assessment. In our discussion so far you will find:
- High Quality Risk Assessment definition (Ep. 004)
- procedural grounding in proper planning (Ep. 005, 006)
- preparation of the Context Paper for the risk ID session (Ep. 007, 008).
KEY QUOTE
“Such a multiplicity of [risk ID] methods might entrain confusion about the object of the exercise.” (Robertson, p.42)
LINKS
E. Robertson, Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation (2016)