Risks are accepted, mitigated or transferred at the point of decision-making
I have been thinking about how an organization can obtain assurance that risk (what might happen) is appropriately considered in decision-making.
As I have been saying for quite a while now, decision-making is where risk is taken.
We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment.
We want to know that the right level of the right risks is being taken.
Looking at whether the organization’s risk appetite (a concept that frankly doesn’t work well for all sources of risk) has been exceeded is, at best, an after-the-fact control. It should not be satisfactory to management to know only after the fact that a poor decision was made.
So I had what might be a novel idea.
Let’s drive risk management effectiveness by improving decision-making – and let’s drive…