What should risk management be about?

We may talk about risk being the effect of uncertainty on objectives (ISO 31000), but we need to define it a little differently if we are to make risk management something valuable in running the business.

In this session, Norman Marks (a retired CRO and CAE) will share his opinion, that risk management should be about helping people make the business decisions necessary for success.

He will explain that it is difficult to help decision-makers consider the effects of uncertainty (both positive and negative) if you don't understand what decisions are being made, how they are made, when they are made, and what triggers the need for a decision.

He will talk about the need to provide 'actionable' information: information that goes well beyond a list of risks or a heat map, even the quantification of individual risks.