According to ISO 31000, “Risk is the effect of uncertainty on objectives”. The first time I set eyes on this definition it was difficult for me to fully grasp the reach of this definition. At that time I was already convinced Risk had both a positive as well as a negative component. Risk, as I saw it at that time (2009), held the prospect of both gain and loss, depending the situation and / or the effort spent to manage Risk.
However, when you think it through, it is clear the ISO 31000 definition is exactly what I thought Risk was. The effect of uncertainty can be negative and/or positive, understood gain is positive and loss is negative. Unfortunately, many Risk Management practitioners don’t see it this way. They are accustomed to deal with negative effects only and want to keep it that way. This is because the positive side of Risk, aiming for profit and gain, traditionally is the privilege of managers.
Nevertheless, when one group of people only focus on taking risks (going for profit by managers) and other people are busy with the risks run (dealing with the negative effects of uncertainty on objectives by Risk Managers), it is very difficult to reach optimum decisions. Because, at first sight, the decisions to be taken to increase profit, can be the opposite of the decisions necessary to reduce the likelihood of bad things happening.
Therefore, Risk Managers are often viewed as people slowing down managers in their efforts to make a profit. Or worse, when there’s a lack of coordination between the two groups, wrong decisions can result in huge damage to the organisation.
A recent example of this lack of understanding of risks involved and insufficient Risk Management, is what has happened to the VW group. Too much focus on growth and profit caused managers to develop fraudulent solutions to cope with legal compliance, while misunderstanding / disregarding the objectives of important stakeholders. This resulted in immense losses in shareholder value and will be followed by more expenses in the months to come when the full effect of uncertainty on the involved objectives will have materialised.
ISO 31000 is a guidance standard on how organisations can overcome this dual approach and bad results. Its purpose is integrating Risk Management in all processes and at all levels of an organisation. It allows for optimum decisions, aiming for profit, while reducing the likelihood of losses, because the same principles, framework and process can be used to manage both sides of Risk in concert. It is about performing safely.
Risk Management tools can be used for both sides of Risk. They are useful to manage innovation and growth, building on strengths, pursuing opportunities and developing new ideas, but they are also beneficial in dealing with the threats, hazards and weaknesses, which could harm the intended progress. Risk Management helps to develop a clear vision on objectives and aids in taking well informed, and therefore also better, decisions.
Should you want to know more about the ISO 31000 Standard and get certified, check out the following link and pursue this opportunity!
More information on G31000.org
Since September 2014, Peter is also employed at TUDelft, working as a PhD researcher for the Safety Sciences section of the Technology Policy and Management faculty.
As the managing director of G31000 Europe he is now a trainer and consultant using the ISO 31000 Risk Management Standard.
Some of his articles can be read on LinkedIn