Talk:Risk management/Archives/2011

narrow aspect of risk management
This page is very much focused on a narrow aspect of risk management. There is a lot more to risk management than what is presented here. There are different kinds of risks (e.g. operational risk, etc.) and there are different philosophies (e.g. it's a myth that some risks are so important that they must be protected from at all costs)...I'll try to expand this article a bit more when I get time. Chadloder 20:14 Mar 29, 2003 (UTC)


 * Agreed. Though I believe I added a good start at a generalized introduction. I'm a bit at a loss as to how to use much of the narrowly focused material that is in the article, but I didn't want to remove it yet.  Some of the past material even from the original page was better general encyclopedic risk management dicusssions than what is in the article currently.  I am very confident the discussion I added about methods of dealing with identified risks is a generally accepted categorization. - Taxman 18:44, Apr 23, 2004 (UTC)
 * Well I think the new organization has at least moved the more focused discussion to a sub-heading, leaving the general discussion for the main article. Reading through past edits to pull back in some ideas for general discussion may be fruitful. - Taxman 19:25, Apr 23, 2004 (UTC)

I have tried to adjust the RM page to be more abstract in nature (not just financial in nature, but technological, schedule or programmatic risks as well). I don't think I was 100% successful, so please continue to adjust as appropriate.--96.244.247.130 (talk) 00:40, 17 June 2011 (UTC)

Okay, how about me trying a trial edit of the superb job that 96.244.247.130 did? I can probably get some "heavy academic hitters" to proof and suggest things? — Preceding unsigned comment added by Radarmark (talk • contribs) 18:28, 12 October 2011 (UTC)

from grateful reader:
I find the article very useful for my studies. thanks a lot. -
 * You're welcome, from one of the contributors at least. :) - Taxman 23:47, Nov 15, 2004 (UTC)

Helped me a lot without having to read a book. Before this I knew what George Castanza knew of risk management. zuzu in Sudbury, ON

Risk identification
I think the risk identification part is given too little attention. I am studying risk management to provide a practicle discription on how to use risk management in ones daily work (in software). This wikipedia page is very good base material for that. However, I think it is missing a bit in the identification part. How to identify risk? The two lines that are currently in could be enhanced. Does anybody have information, or should I write up my findings so far?
 * Indeed that section is lacking. I no longer have my textbook available, so I didn't have a reference to add good stuff from. If you have a good text or reference in front of you feel free to add what you can. Then add the text as a reference as in Cite sources. Thanks - Taxman 14:22, Feb 16, 2005 (UTC)
 * I had some more on my list, but cannot fiind support for them as distinct methods for risk identification: stakeholder analysis, problem management and missing information. There are more sources of risks than identification possibilities. Now, how about enhancing the assessment part? Create a separate subsection for it?
 * Hope it helps - SevenSigma Feb 17, 2005 (CTE)
 * Yeah, that's pretty good. For assessment, I just did that, moved the assessment to its own subsection and added an intro to it. I'm not familiar with these additional identification methods you mention. I've heard of stakeholder analysis, but I can't recall much on it at the moment. But if you have more on those and can find a source that discusses them as more or less separate methods, then discuss them there too. Or if they are not really distinct, just cover how they fit in. - Taxman 13:41, Feb 17, 2005 (UTC)
 * There is a risk identification method called "potential threats analysis" which is a variation/combination of other common methods. It involves the use of workshops, keyword lists and dynamic idea accumulation. I did a few projects using it and it seemed quite useful. Ever heard of such a thing? --Pakoistinen 10:13, 8 February 2006 (UTC)

--BigAppleBob 15:09, 12 October 2006 (UTC)==Suggestion== How about something on the link between Risk management, Internal control and Corporate governance ? At the same time there should be links to leading websites on risk management like http://www.erisk.com, http://www.theirm.org and other leading risk management websites.If any body can incorportae these suggestions it will be great otherwise I will incorporate the same whenever I have time.--221.134.144.67 13:51, 20 October 2005 (UTC)sanjiv
 * Yes that would be a good idea, please do it if you can. I don't know a whole lot about that integration. As far as the links I added IRM, but I've never heard of erisk. It looks to me like just another risk consulting company. It would have to be especially prominent to warrant inclusion. Do you have something justifying that prominence? - Taxman Talk 15:33, 20 October 2005 (UTC)

Decisions about the selection and implementation of risk management measures should include an evaluation of the Return On Investment (ROI), or the cost/benefit. I believe that a discussion of this topic should be included. Should I undertake to do so? --BigAppleBob 15:09, 12 October 2006 (UTC)

Replacement of material
An anon basically replaced the article with what I think is overall poorer material as shown in this diff. I've reverted, but the material the anon added isn't too bad in some cases. It didn't however make for a better written and properly focused and balanced article. It would be worth going through the material and seeing what is worth integrating back in. - Taxman Talk 15:33, 20 October 2005 (UTC)

Links to other topics
Added a few links to the text about business continuity planning, the concept of risk and degree training programs (a few more programs should be added over there). Also wrote a topic to explain a bit the differences and similarities between BCP and risk management practices. Please read through and correct me as you see fit. --Pakoistinen 10:06, 8 February 2006 (UTC)

Merge with emergency management
An article about emergency management also exists. I propose, since risk management and emergency management are essentially the same thing, this article be merged into the emergency management article and a re-direct be placed here.-- backburner001 00:28, 20 March 2006 (UTC)


 * They're not the same thing. For example one massively important example of risk management is managing financial risk. There are lots of others. Emergency management is just one particular case. I very strongly suggest they remain separate articles. Pcb21 Pete 11:51, 4 April 2006 (UTC)


 * I agree that emergency management and risk management are substantially different. These entries should remain separate. hogayoga

http://en.wikipedia.org/w/index.php?title=Talk:Risk_management&action=edit Editing Talk:Risk management - Wikipedia, the free encyclopedia


 * I too agree that Risk management and Emergency planning are very different, especially from the user/implementation perspective. Few Fireman will consider themselves Risk managers and vice versa. What might be useful to think about is Organisational Resilience aligns with Risk Management. It seems they is a lot of debate on this at the moment. Anyone have thoughts on whether it should be referenced here? 188.28.149.60 (talk) 11:48, 20 May 2011 (UTC)

About Further reading
There has been some to-ing and fro-ing about some articles in the Further reading section. The "three main standards that cover risk management" relate to an Australia/New Zealand standard. The web site cited at http://www.sia.com.au/ relates to stone (rocks, geology) and not finance. I guess that the person had http://www.sia.edu.au/ - this was the Securities Institute of Australia but is no more, as it merged in 2005 to create FINSIA. The PDFs referred do not appear in a public part of their website. Nor could I find them at http://www.saiglobal.com/ where an earlier revision suggested I might look. Therefore, I am going to remove the reference to the PDFs and add a qualifier that the standards are AU/NZ ones. Ringbark 15:05, 9 May 2006 (UTC)

A Possible Add for Risk Management Information Systems (RMIS)
Was hoping it would be cool to do a write up on Risk Management Information Systems (RMIS) and add a corresponding link to such a subtopic. RMIS are used primarily around business insurance program risk management (ala claims management, actuarial analysis, policy management, etc) but also for treasury operations as well (cash management, operational risk, etc) Just wanted to see if this was cool to do with group before posting up? TopiarydanTopiarydan 18:00, 25 May 2006 (UTC)
 * Would be great! Might want to get a short preview of it up fairly quickly - redlinked items are usually removed from the 'see also' list.   Kuru  talk  14:54, 28 June 2006 (UTC)

Risk Management Associations / Edit wars
As most people here will know, there have been acrimonious disputes between GARP members and PRMIA members over the years. Repeatedly, we see edit wars where one or other is removed from the article, and I believe that the same is happening to the cerification programs. As far as I am aware, PRMIA and GARP are both still active organisations; PRM and FRM are both still active certification programs. Even though I favour one of these over the other, I recognise that this is a personal view, and will support the right of the other one to exist and promote itself. Ringbark 08:30, 30 November 2006 (UTC)

Please Confirm This Book
Can someone provide the correct ISBN for this work?

The ISBN currently in the article is incorrect (it is too long). I easily find references to the author, F. Antonius Alijoyo, but just not to this book. Keesiewonder talk 02:04, 3 February 2007 (UTC)
 * I have removed the invalid number. It would still seem important to verify the existence of the book. --DRoll 05:55, 3 February 2007 (UTC)


 * I would actually question how it is being used as a 'reference' in the article. It was added here without any other material being added and the editor never made another edit.   Kuru  talk  06:18, 3 February 2007 (UTC)
 * I noticed that as well; feels like we should just remove the reference. Keesiewonder talk 10:19, 3 February 2007 (UTC)

External links - linkfarm
I propose removing almost the entire section per WP:EL, WP:SPAM, and WP:NOT. Currently, this section is a very large linkfarm, created without concern for the appropriate guidelines and policies. After a quick review of the links, I see a few in the "Others" section worth saving. --Ronz 17:00, 21 March 2007 (UTC)

Disaster Risk Management
Please give me stuff in about 5 pages my server was down and the deadline is 11:59 today —The preceding unsigned comment was added by 217.15.123.166 (talk) 17:41, 30 March 2007 (UTC).

Rissue
Hi - I'm new to Wikipedia so hopefully this is the right place to get some feedback on a concept and term that I have developed over a number of years delivering large scale IT projects.

The term is "rissue"and its definition is: "a project risk or issue that requires effort to address it".

I have provided some more information which encapsulate why I believe rissues are arguably more important than addressing risks and issues individually.

I look forward to your feedback and please advise if this type of discussion should be held elsewhere.

Kind regards, Mattheww nz 08:04, 19 July 2007 (UTC)

Rissue: Definition ~ "a project risk or issue that requires effort to address it".

Project management theory Project management theory is often presented as being fundamentally based around the project priority triangle. This consists of three key components: time, cost and quality. This theory is advocated by many project management practitioners and organisations including. If any element of a project is to change, then one of these three elements must adjust, i.e. if you want improved quality in the same amount of time then cost must increase.

Risk management To ensure projects are delivered on time, to cost and to the required quality it is imperative that risk and issue management is addressed to prevent changes having an adverse effect on these three elements.

However, the author believes that the process of managing risks and issues on large complex projects can often become a risk and issue in itself. This is due to spending time trying to categorise items and focusing on the wrong risks and issues.

Risks and issues A risk is typically defined as an issue that has not yet eventuated. An issue is a risk that has eventuated. These definitions while useful for categorising the state of a problem or perceived problem do not necessarily provide a Project Manager with the information that they need.

The key is for a Project Manager to know what they need to focus on. A risk that has a high probability of occurring and will have a large impact on the project is arguably more important than an issue that has a low impact on the project. Risks and issues must be stack ranked. So if the categorisation of a potential problem or problem as a risk or issue isn't important then what is?

Effort to address The most important thing that needs to be addressed is whether a potential problem or problem, i.e. a risk or issue, requires any effort to be expended to address it.

Taking the example of a risk that has a high probability of occurring and will have a large impact on the project versus an issue that has a low impact on the project, the former may require action whereas the latter does not.

Rissues This is where the concept of a "Rissue" has evolved. The definition of a "rissue" is "a project risk or issue that requires effort to address it".

The list of project rissue register is much easier to prioritise and manage which helps provide clarity to all to help ensure the successful delivery of projects.


 * Wikipedia is not a place to promote your own work. If this is a term and concept you have developed, go write some books about it or something.  Get it published elsewhere first and it might be appropriate for inclusion in an encyclopedia.  Friday (talk) 19:21, 19 July 2007 (UTC)

Risk equalization
I notice that PM Master removed a recently added piece I added on risk equalization at market level. You seem to think that this is not risk management, presumably because it is not what most individuals or companies that face risks do. But I would argue that at the level of society this is a risk management process because it is intended to share risks (or stricly speaking the cost burden of unevenly distributed risks) amongs all members of society by a financial re-allocation of insured risks known as risk equalization. It is not that much different from re-insurance which is another risk management strategy. It may not fit into the textbook definition that was given above it in the text that was referred to above the entry but then writer of that text did not write the definitive text on risk management for all time. And I did seperate that entry from the other risk management processes

If PM Master or other editors do not think this is risk management, please tell me what you think it is and where it should be explained in WP. To me Risk Management is exactly the right context for this. If nobody responds to this request I will simply add the entry back. I am by profession a banker and a projects manager so the concept of risk management is hardly unknown to me! --Tom (talk) 13:37, 22 January 2008 (UTC)


 * Hi Tom... Don't get me wrong, I think the information that you contributed is great, however, it doesn't really flow with the current subject. I see you already created an entry for this, the best thing in my opinion is to add a link to Risk equalization in the "See also" section. Pm master 21:26, 22 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talk • contribs)


 * Sorry, but please explain what you mean by "flow". Are you saying that it is a form of risk management but it does not slide in nicely with what went previously? Or are you saying it has no place being discussed in the article because Risk equalization is NOT a form of Risk management? --Tom (talk) 22:27, 24 January 2008 (UTC)


 * Well, I have waited for reply and not received one. I disagree with your decision to delete the text and have therefore reinstated it. If you disagree with this decision still perhaps we can discuss this further here before a decision is made one way or another. --Tom (talk) 05:33, 30 January 2008 (UTC)


 * No please, this is your decision, not mine. The text does not belong here. Until now this article has been very clean, we don't want another Leadership article full of incoherent ideas. Please add a link to the article that you created in the "See Also" section, and do not duplicate it here, thanks. If you think I'm wrong, then feel free to request assistance from administrators. The content is very specific and does not belong in this article.Pm master 12:47, 30 January 2008 (UTC)


 * Just to make my point, searching for "Risk equalization" on Google (with the quotes) returns 2,640 results, while searching for any risk treatment in the article yields no less than 100,000 results (one returning more than a million, and another one 500,000). Clearly your edit does not fit here as a 5th risk treatment. The problem is that if this edit happens, it's going to open the door for a lot of irrelevant, incoherent, and specific material to be sneaked into the article, which will turn it into another Leadership article (check it to see what I mean), where everyone is throwing his/her own theory about issues. I have the utmost respect for your contribution, but this is not the place, you already created the article (which, afaik, was on speedy deletion, but yet survived). In case you see the information really relevant, please add a link to your article in the "See Also" list.Pm master 13:10, 30 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talk • contribs)


 * The Google search numbers are irrelevant. And the speedy delete was removed because the person that placed that marker re-thought about it at my request and decided that it was wrong to delete. I am not throwing in a personal theory and I somewhat object to the claim that I am. Risk equalization is not a theory.. its practiced in several places where the burden of risk is to be shared between many risk holders. I did ask you tell me what this is if it is not a form of risk management and you have not answered. As for Leadership, WP is about collaboration which means that we try to strike a balance by discussing issues here and constructing a way out. Your instance on this being put in "See Also" seems to me like you are trying to take a leadership role and trying to direct the shape of the article. Please respect my attempt to contribute to the article. Please answer my question. If Risk equalization is not about risk management, then what is it? To me it seems to be just as much about managing risk disribution as insurance and re-insurance is. --Tom (talk) 16:39, 30 January 2008 (UTC)


 * Hi! Risk Management, in all major references, does not include a 5th risk treatment. As I said, your contributions are more than welcome, and I already answered your question multiple times, your technique is very specific (in both countries and domain) and should not be included in this article, otherwise we'd wind up with another Leadership article, a long, incoherent, and useless article. Google results determine how important/general each risk management technique is, so they are very relevant. Please let's try out best to keep this article a clean, coherent one. Risk Equalization is about Risk Management, but so are dozens of articles in the "See Also" section, and yet they're not mentioned anywhere in the article itself. Thanks again for your contribution, and please add a link in the "See Also" if you definitely think it should be mentioned in this article. Pm master 19:50, 30 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talk • contribs)


 * One last thing Tom, please let's continue this conversation on either my talk page or yours. Pm master 02:20, 31 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talk • contribs)

Outsourcing as risk transfer?
Since when has outsourcing been a process in risk transfer? I disagree completely with the statement in the article about outsourcing. Outsourcing in the sense described in the text and linked article is about risk mitigation rather than risk transfer. You may move the day to day management of risks to another company but fundamentally you still own the risk that the outsourcer manages for you. A firm may believe that the outsourcer has better management and control over specialized facilities which the outsourcer provides, but this is risk reduction, not risk transfer. Any company or project manager regarding this as risk transfer deserves to fail. I am afraid to change it though, in case I am accused of writing a leadership article (whatever the heck that means!) or in case it does not agree with the text books I need to refer to before I can begin editing. --Tom (talk) 00:36, 1 February 2008 (UTC)


 * Hi Tom! I'm OK with what you're saying. It doesn't make much sense for me either. --Pm master 11:41, 1 February 2008 (UTC) —Preceding unsigned comment added by Pm master (talk • contribs)

Hi read this guys... Purchasing insurance and outsourcing are common forms of assigning or transferring risk. Sybex CISSP 4th ed 2008 page 229 —Preceding unsigned comment added by 217.128.71.243 (talk) 20:12, 2 November 2009 (UTC)

Risk treatments and Risk management plan
I find not very good balance and logic between "Potential risk treatments" and "Risk management plan".. The former is ok: risks can be treated several ways. And risk treatment does not need to limit to only alternatives of defending nature. Identified risks can be taken as challenges for development of organization, its products etc.

In "Risk management plan", "Implementation" ,and, "Review and evaluation of the plan" the scope is narrow, and text written here is valid for only one risk treatment alternative: "Risk reduction". It is confusing to speak here about controls. In COSO-ERM controls exist to ensure that risk treatment is cartried out as decided, otherwiase controls belong to internal control vocabulary.

I propose that "Risk management plan", "Implementation" ,and, "Review and evaluation of the plan" chapters are deleted. —Preceding unsigned comment added by F2s (talk • contribs) 16:26, 24 April 2008 (UTC)

Risk Management
Explain wheter risk are tolerable or not. according to three risk categories in terms of the "As low as reasonably pratical point of view. —Preceding unsigned comment added by 41.240.185.118 (talk) 09:17, 18 June 2008 (UTC)

Risk Communication
The page "risk communication" forwards here. I'm curious to know if they were separate but combined at one point, or if this has always been so. If this page is the accepted proper space for a discussion of risk communication, I think we need more information.

Particularly, the work of Peter Sandman and Edward Berneys, who developed some of the most mature and widest-used theories on communicating risk, should be included in the discussion.

Wolfraem (talk) 15:34, 14 July 2008 (UTC)

Information risk management
Hi, where can I read about information risk management, as relates to information technology and risk management? Article in question is SecureData ( http://www.securedata.co.za/ ) currently part of Companies traded on the JSE. --Mr Accountable (talk) 22:22, 11 August 2008 (UTC)

Validity of ISO31000
Hi,

I wanted to know more about ISO/DIS 31000 but it seems that the standards is not defined yet, is it? If it is still "under development" should it figure at all in this article and in particular as a reference ?

Ghaag (talk) 08:35, 24 February 2009 (UTC)

Credit Policy Institute
Due to the lack of generally accepted guidelines and conflicting regulatory approaches to oversight, the banking industry has not developed a way to create and share credit policy standards or best practices. The Credit Policy Institute is working with a number of senior bank credit officers, industry associations, and academic professions to launch a new 501c3 nonprofit research and education based forum to address this need - www.creditpolicyinsitute.org. Smtbrady (talk) 21:55, 25 March 2009 (UTC)smtbrady

A Criticisms Section?
I was interested in adding a "Crticisms of Risk Management Methods" section based on the books The Failure of Risk Management: Why It's Broken and How to Fix It by Hubbard and The Black Swan and Fooled by Randomness by Taleb. But I'm no Wikipedia pro and I want to make sure this is going in the right place. Here are my questions:

1) Is this the right place? Perhaps these are mostly (but not all) criticisms of risk assessment and I see there is another article for that.  2) I might need a little help on the formatting issues (bullet lists, citations, etc.). I'll take a first shot but maybe someone can check it out for me. 3) I have a total of five criticisms. Should each criticisms be cited with the reference or can I just give a single source for several?  I could go into specific page numbers but I don't see many other citations doing that in Wikipedia.  They are all in Hubbard's book and some are also mentioned in Taleb's books.  Here they are.


 * "Soft" methods based on "risk scores" tend to be developed in isolation from any research in the decision sciences and add their own sources of error by the use of arbitrary scales. Known errors and biases in subjective human judgement are not accounted for or controlled for in any way.
 * Methods using Monte Carlo simulations usually use at least some subjective estimates of probabilities or ranges but fail to account for systematic overconfidence and inconsistencies in how human experts assess odds.
 * Methods based on well-known financial models such as Value at Risk, Modern Portfolio theory or Options Theory make assumptions about the random movement of the market that are known not to match historical data (e.g. the assumption that changes in the market are normally distributed)
 * Different definitions of risk are used in different fields and relatively little collaboration happens between risk analysis experts in different fields such as nuclear power safety, financial portfolio management, IT security risks and so on. Risk analysis in each of these fields is developed in relative isolation from other fields and, as a result, some risk analysis methods are much less developed than others.
 * Risk assessment methods from any field are rarely tracked and rated against observed outcomes on a systematic bases. Even in environments that appear to be using quantitative methods, risk assessment methods are not compared to observations of forecasted events.  As a result, several ineffective risk assessment methods persist.

It seems like an important topic given the current economic climate, the threat of pandemic, relatively recent natural disasters, terrorism, etc. and I don't see anyone in Wikipedia pointing out these problems? What do you think? DFLovett (talk) 00:25, 6 May 2009 (UTC)


 * Not invalid arguments, but probably beyond the laymans scope of the present article. Suggest new articles be created in WP under these subjects, for WP cannot cover all risks nor all methods to manage risk without some degree of organization.  The article is already too long. --173.69.135.105 (talk) 03:10, 14 October 2011 (UTC)

Just ISO Risk Management??
Upon closer reading, it appears that someone has writen about risk management within one narrow discipline instead of the broader topic of risk management. This article appears to be risk management from an ISO point of view. This is not the only risk management source and not even the most sophisticated approach. I rewrote the opening section to reflect a broader topic of risk management to include actuarial science, project risks, public health and safety, market risks and credit risks. I also mention other widely acceted sources of standards on risk management besides ISO. The "Introduction" section also needs to be about something other than just what the ISO standard says. This might address some of the flags at the top of the article.DFLovett (talk) 01:29, 6 May 2009 (UTC)

Merge with hazard prevention?
I can see how hazard prevention may be a facet of risk management, but at the same time, hazard prevention is a very independent subject which also exists outside the umbrella of risk management. I think a sub-section on hazard prevention (linking to the main article) in the risk management article is more appropriate. Ytiugibma (talk) 10:03, 17 July 2009 (UTC)
 * I just put a sub-section under the risk avoidance (section). You know wikipedia: move it, change it, delete it or leave it. Ytiugibma (talk) 10:12, 17 July 2009 (UTC)

Validiy of reference 4 ^ "Committee Draft of ISO 31000 Risk management" (PDF). International Organization for Standardization.
This is not an approved ISO International Standard. I believe this reference could lead to a confussion. Koke0 0 (talk) 15:51, 25 August 2009 (UTC)

Reorganization
This article desperately need to be reorganized because a lot of info is repeated.Trout Fisher 03 (talk) 20:42, 18 August 2009 (UTC)

“Further Reading” Needs a Broad Risk Management Text Reference
The further reading section refers readers to many specialized texts on various aspects of risk management as well as relatively new risk management disciplines (i.e., enterprise risk management). It includes no texts on the traditional view of “risk management,” which has been taught in certain U.S business schools for about 40 years. There are many texts that could be included here. I had included a short primer that is freely available in PDF format to anyone. The author, Dr. George Head, CPCU, ARM, is considered by professional risk managers in the U.S as one of the pioneer educators in the field, and “Risk Management – Why and How” was his last writing before his retirement in 2009. It was deleted with the simple explanation that the link was “spammy.” It doesn’t make sense that a free 77-page e-book that clears up many of the questions asked on this Wikipedia page is spam. Perhaps my mistake was linking to the html landing page for the e-book rather than directly to the PDF. I have re-posted the reference but have linked directly to the PDF this time in the hope that it will be an acceptable approach. If the editors desire, I can also add some classic texts on the subject that are available for purchase or at libraries. --RiskWise101 (talk) 14:23, 5 April 2010 (UTC)
 * The Further reading section is superfluous, and is distracting editors from substantial contributions to the article. I'd remove the entire section if I didn't think some of the entries might be useful in verifying content in the article. --Ronz (talk) 15:09, 5 April 2010 (UTC)

Intended scope?
I am an experienced risk manager, with no allegiance to any particular institute, who would like to help sort this page out, but I am struggling a little to understand the scope required, and the relationship this page has to others e.g. enterprise risk management.

Are we looking for a page with general information on the development of risk management as a business discipline, with references to various standards, reg initiatives (e.g. BASEL/Solvency II), professional bodies etc with the detail of processes/stages of risk management on separate pages so this stands as context setter with an overview of how risk management is used? Would appreciate comments or suggestions if this is not the scope requiredLouizehh (talk) 12:28, 26 April 2010 (UTC)
 * As the main page on risk management it should be the most high level overview of the topic. That means it should be relatively focused towards what someone not already entirely familiar with the subject would want to know about it. Then you're right that more details on each of the subtopics should be moved off to sub articles; that means prioritizing subtopics. This article shouldn't focus too much on the business aspect itself, but that would be one of the subtopics it should cover. The article should certainly have some description of risk management theory and general process as well but of course not too much. I have only general textbook risk management knowledge and experience in the financial industry which helps with some understanding of how risk management works in general. I should be able to provide guidance to help balance the topics that the article ideally would cover and how much space it should give to each, especially since you can provide the bulk of the perspective with your knowledge as a practitioner. - Taxman Talk 22:20, 26 April 2010 (UTC)

Hi Taxman - sorry I got tied up in other stuff for the past couple of weeks, but should have time to put some text together in the next few days. Not coming at this from an exclusively business perspective - there are lots of other areas which better demonstrate various aspects of risk management so will try to put together an intro which deals with uncertainty, and framework for managing it which is appropriate to outcome - i.e. a lot of risk analysis - for example in the airline or nuclear power fields - is focused on reducing the potential for catastrophic failure and - taking notes below into account - it is not (necessarily) an overanalysis of day to day operational process by "experts". So, I think the historic perspective has some value as it has become a ubiquitous phrase but only in the last few decades. Maybe then explain the economic basis for risk management (which dates back to the 1920s) and describe how risk management has been expanded into lots of fields - with the terminology largely remaining the same but the objectives being somewhat different which is the root I think of some of the frustration being expressed below. Bad risk management exists in all fields, and no one gets more annoyed about it than I do. I shout at my TV on a regular basis when I hear it! —Preceding unsigned comment added by 86.177.76.207 (talk) 20:47, 19 May 2010 (UTC)

Above was me - I forgot to log-in!

There is also some very interesting writing out there on the subject of the human response to uncertainty and risk. Lots of people will have read Nassim Nicholas Taleb (Fooled by Randomness/The Black Swan) in the wake of the credit crisis, but there is another author Gerd Gigerenzer who is fascinating on the human response to dealing with uncertainty, and deals with much wider ranging topics e.g. breast cancer screening and the nuclear power industry perceived risk versus actual. Will bring them both in to the re-edit.

Will try to post by the close of the weekend, if not before. —Preceding unsigned comment added by Louizehh (talk • contribs) 21:22, 19 May 2010 (UTC)

Devils Details
The arrogance of business "organization" and monetary distractions creates the culture of ignorance. Too often the bottom line minimizes the legitimate concerns and the implementation of comprehensive Risk Analysis to the point that should the risk occur (especially exacerbated by the ignorance of the illusions of security). Business Analysis unequivocally demonstrates the pervasiveness of poor process where the executive, despite adequate examplification and analysis, denigrates the correct methods/solutions/strategies, subjugating an adequate or good solution to the personal meanderings made without the experts that have been deployed to provide the best advice. E.g. The pre-emptive 'executive' selection of a vendor or product without complete needs analysis, evaluation criteria, and alternatives selection for evaluations dminishing the value of any real process in place.

Similarly the same level of perpetuated inadequacies applies to all business decisions on risk, unless an 'executive' exists that adheres to the process allowing the experts of their respective fields to provide the adequate "weights" to the analysis for the solution.

Processes may mitigate this adeqautely but are miore than likely beyond the current realm of intellligent analysis. E.g. Operational dress rehersals where day to day is anayzed and over criticised and exceptions not diminished by notions like " we that can't happen because we have rules in place." —Preceding unsigned comment added by 74.56.41.52 (talk) 13:06, 8 May 2010 (UTC)


 * It is unfortunate that in business there is an inescapable propensity to believe, and practice, that by giving a process a name, and a rudimentary operational structure, that it completes the requirement for a system and is validated through recognition of the name only. Business, nor goverment, can not be relied upon, nor trusted, to maintain the best interests of all, especially while insisting that such rubber stamped components as Risk Management are comprehensive and complete.


 * Given example: Obama lifted some of the sanctions of offshore drilling a mere month before the Gulf disasters. Proper Risk Management techniques would have clearly lead to an examination of: standards and process, and the violations being perpetuated by the very regulatory body that was implemented to protect against them and would/should have been discovered if the Business Analyst BA assisting with the analysis had done anything more than a less than mediocre job.  Given the nature of the Gulf offshore project BP would then analyze the world experience in the technologies and redoubled efforts on standards tolerances, design and innovation and then commence an on-going regime of testing and retesting.  Considering the possible level of calamity this becomes elementary.  This is excepted of course by the governmental administrations lack of real protection and recourse, and of course businesses poor regard for analysis.  Any Risk Management system is subjugated by design to be acceptable to management rather than concise correctness and is based on ridiculous assumptions of probability and severity.  Like oil and water business minions and scientists seldom regard the same side of the assembly the same way.  That is truly the sad part since scientific training is really what is required to make a solid Risk Assement/Management effort considering severity and probabilities.  BP's Risk Management techniques, if it had the benefit of ture analyssis would have performed operational 'dress rehersals' - this is not merely the acting out of order but an analysis examining performance traps such as lack of backup alarms systems, human fallibilities and performance tendencies, disaster prevention, recoverability, etc.


 * There is little accountability when it comes to delivery of quality with the same weak, haphazard techniques precribed to Risk Management as everything else. It is a buzz word, with a valid idea behind it, but in its current incarnation is meant to sell businesses a notion - that the business can publically market the idea that they have systems and practices to accomplish standards and function, but is also used as a vector that can be deployed to dissuade valid concerns over risk and safety. 74.56.41.52 (talk) 16:38, 25 May 2010 (UTC)


 * That's an interesting perspective, but I would have to ask: are you recommending that the article be deleted as unfactual, heavily rewritten to fit your interpretation, or are you just venting? If the first, I think many in the field would be able to point to reams of printed matter on the subject to back up the idea that it's a common enough concept to warrant a page (factual or not).  Else, can you justify the idea of a rewrite with quotations from some sort of published, non-OR matter?  If neither of these, and you are just venting, I would point out that the discussion page isn't really there for that purpose.  Have you considered the use of the preview button as a "is this appropriate" option or a personal talk page perhaps? -207.102.144.28 (talk) 17:50, 21 October 2011 (UTC)

Hazard prevention, merge to here
I suggest that Hazard prevention should be merged to Risk management. --SmokeyJoe (talk) 21:19, 5 July 2010 (UTC)


 * Well, either here or in emergency management. I would think it's a matter of whether or not there's enough of a substantative meaning (and associated usage in applicable speech and/or literature) that's seperate enough from the other two potential merge articles.  I think not, but that's from my background in BCP/RM.  A firefighter or a UNOCHA first responder may say differently. -207.102.144.28 (talk) 17:36, 21 October 2011 (UTC)

Literature
Books/papers by most important scholars/professionals in this field? — Preceding unsigned comment added by Lbertolotti (talk • contribs) 19:18, 11 June 2011 (UTC)

Bow Tie diagrams
--173.69.135.105 (talk) 02:52, 14 October 2011 (UTC) The only reference for Bow Tie diagrams is marketing for a commercial tool and also lacking in explanation of the role that they (it) play in risk management in WP. Needs help here.
 * Having researched the single reference, there is nothing here but marketing from a single source, and vague at that. I removed the section completely.  Revert it and there had better be more here that is meaningful - like more sources and better explanations of what constitutes a bow tie diagram, and the utility by case of some good examples.--173.69.135.105 (talk) 03:06, 14 October 2011 (UTC)
 * Good call. It needs independent, reliable sources. --Ronz (talk) 15:59, 14 October 2011 (UTC)