Talk:Risk management

From Wikipedia, the free encyclopedia

This article is being improved by WikiProject Rational Skepticism. Wikiproject Rational Skepticism seeks to improve the quality of articles dealing with science, pseudosciences, pseudohistory and skepticism. Please feel free to help us improve this page.

See Wikipedia:Contributing FAQ.
B This article has been rated as B-Class on the Project's quality scale.
(If you rated the article please give a short summary at comments to explain the ratings and/or to identify the strengths and weaknesses.)
This article has been marked as needing immediate attention.

Nice to see an infusion of business information at the Wikipedia.

Should be very helpful for my studies.

V salute U.


This page is very much focused on a narrow aspect of risk management. There is a lot more to risk management than what is presented here. There are different kinds of risks (e.g. operational risk, etc.) and there are different philosophies (e.g. it's a myth that some risks are so important that they must be protected from at all costs)...I'll try to expand this article a bit more when I get time. Chadloder 20:14 Mar 29, 2003 (UTC)

Agreed. Though I believe I added a good start at a generalized introduction. I'm a bit at a loss as to how to use much of the narrowly focused material that is in the article, but I didn't want to remove it yet. Some of the past material even from the original page was better general encyclopedic risk management dicusssions than what is in the article currently. I am very confident the discussion I added about methods of dealing with identified risks is a generally accepted categorization. - Taxman 18:44, Apr 23, 2004 (UTC)
Well I think the new organization has at least moved the more focused discussion to a sub-heading, leaving the general discussion for the main article. Reading through past edits to pull back in some ideas for general discussion may be fruitful. - Taxman 19:25, Apr 23, 2004 (UTC)

Contents

[edit] from grateful reader:

I find the article very useful for my studies. thanks a lot. - <bisaya>

You're welcome, from one of the contributors at least. :) - Taxman 23:47, Nov 15, 2004 (UTC)


Helped me a lot without having to read a book. Before this I knew what George Castanza knew of risk management. zuzu in Sudbury, ON

[edit] Risk identification

I think the risk identification part is given too little attention. I am studying risk management to provide a practicle discription on how to use risk management in ones daily work (in software). This wikipedia page is very good base material for that. However, I think it is missing a bit in the identification part. How to identify risk? The two lines that are currently in could be enhanced. Does anybody have information, or should I write up my findings so far?

Indeed that section is lacking. I no longer have my textbook available, so I didn't have a reference to add good stuff from. If you have a good text or reference in front of you feel free to add what you can. Then add the text as a reference as in Wikipedia:Cite sources. Thanks - Taxman 14:22, Feb 16, 2005 (UTC)
I had some more on my list, but cannot fiind support for them as distinct methods for risk identification: stakeholder analysis, problem management and missing information. There are more sources of risks than identification possibilities. Now, how about enhancing the assessment part? Create a separate subsection for it?
Hope it helps - SevenSigma Feb 17, 2005 (CTE)
Yeah, that's pretty good. For assessment, I just did that, moved the assessment to its own subsection and added an intro to it. I'm not familiar with these additional identification methods you mention. I've heard of stakeholder analysis, but I can't recall much on it at the moment. But if you have more on those and can find a source that discusses them as more or less separate methods, then discuss them there too. Or if they are not really distinct, just cover how they fit in. - Taxman 13:41, Feb 17, 2005 (UTC)
There is a risk identification method called "potential threats analysis" which is a variation/combination of other common methods. It involves the use of workshops, keyword lists and dynamic idea accumulation. I did a few projects using it and it seemed quite useful. Ever heard of such a thing? --Pakoistinen 10:13, 8 February 2006 (UTC)

--BigAppleBob 15:09, 12 October 2006 (UTC)==Suggestion== How about something on the link between Risk management, Internal control and Corporate governance ? At the same time there should be links to leading websites on risk management like http://www.erisk.com, http://www.theirm.org and other leading risk management websites.If any body can incorportae these suggestions it will be great otherwise I will incorporate the same whenever I have time.--221.134.144.67 13:51, 20 October 2005 (UTC)sanjiv

Yes that would be a good idea, please do it if you can. I don't know a whole lot about that integration. As far as the links I added IRM, but I've never heard of erisk. It looks to me like just another risk consulting company. It would have to be especially prominent to warrant inclusion. Do you have something justifying that prominence? - Taxman Talk 15:33, 20 October 2005 (UTC)

Decisions about the selection and implementation of risk management measures should include an evaluation of the Return On Investment (ROI), or the cost/benefit. I believe that a discussion of this topic should be included. Should I undertake to do so? --BigAppleBob 15:09, 12 October 2006 (UTC)

[edit] Replacement of material

An anon basically replaced the article with what I think is overall poorer material as shown in this diff. I've reverted, but the material the anon added isn't too bad in some cases. It didn't however make for a better written and properly focused and balanced article. It would be worth going through the material and seeing what is worth integrating back in. - Taxman Talk 15:33, 20 October 2005 (UTC)

[edit] Links to other topics

Added a few links to the text about business continuity planning, the concept of risk and degree training programs (a few more programs should be added over there). Also wrote a topic to explain a bit the differences and similarities between BCP and risk management practices. Please read through and correct me as you see fit. --Pakoistinen 10:06, 8 February 2006 (UTC)

[edit] Merge with emergency management

An article about emergency management also exists. I propose, since risk management and emergency management are essentially the same thing, this article be merged into the emergency management article and a re-direct be placed here.-- backburner001 00:28, 20 March 2006 (UTC)

They're not the same thing. For example one massively important example of risk management is managing financial risk. There are lots of others. Emergency management is just one particular case. I very strongly suggest they remain separate articles. Pcb21 Pete 11:51, 4 April 2006 (UTC)
I agree that emergency management and risk management are substantially different. These entries should remain separate. hogayoga

http://en.wikipedia.org/w/index.php?title=Talk:Risk_management&action=edit Editing Talk:Risk management - Wikipedia, the free encyclopedia

[edit] About Further reading

There has been some to-ing and fro-ing about some articles in the Further reading section. The "three main standards that cover risk management" relate to an Australia/New Zealand standard. The web site cited at http://www.sia.com.au/ relates to stone (rocks, geology) and not finance. I guess that the person had http://www.sia.edu.au/ - this was the Securities Institute of Australia but is no more, as it merged in 2005 to create FINSIA. The PDFs referred do not appear in a public part of their website. Nor could I find them at http://www.saiglobal.com/ where an earlier revision suggested I might look. Therefore, I am going to remove the reference to the PDFs and add a qualifier that the standards are AU/NZ ones. Ringbark 15:05, 9 May 2006 (UTC)

[edit] A Possible Add for Risk Management Information Systems (RMIS)

Was hoping it would be cool to do a write up on Risk Management Information Systems (RMIS) and add a corresponding link to such a subtopic. RMIS are used primarily around business insurance program risk management (ala claims management, actuarial analysis, policy management, etc) but also for treasury operations as well (cash management, operational risk, etc) Just wanted to see if this was cool to do with group before posting up? TopiarydanTopiarydan 18:00, 25 May 2006 (UTC)

Would be great! Might want to get a short preview of it up fairly quickly - redlinked items are usually removed from the 'see also' list. Kuru talk 14:54, 28 June 2006 (UTC)

[edit] Risk Management Associations / Edit wars

As most people here will know, there have been acrimonious disputes between GARP members and PRMIA members over the years. Repeatedly, we see edit wars where one or other is removed from the article, and I believe that the same is happening to the cerification programs. As far as I am aware, PRMIA and GARP are both still active organisations; PRM and FRM are both still active certification programs. Even though I favour one of these over the other, I recognise that this is a personal view, and will support the right of the other one to exist and promote itself. Ringbark 08:30, 30 November 2006 (UTC)

[edit] Please Confirm This Book

Can someone provide the correct ISBN for this work?

  • Alijoyo, Antonius (2004). Focused Enterprise Risk Management (1st ed.). PT Ray Indonesia, Jakarta. 

The ISBN currently in the article is incorrect (it is too long). I easily find references to the author, F. Antonius Alijoyo, but just not to this book. Keesiewonder talk 02:04, 3 February 2007 (UTC)

  • I have removed the invalid number. It would still seem important to verify the existence of the book. --DRoll 05:55, 3 February 2007 (UTC)
I would actually question how it is being used as a 'reference' in the article. It was added here without any other material being added and the editor never made another edit. Kuru talk 06:18, 3 February 2007 (UTC)
I noticed that as well; feels like we should just remove the reference. Keesiewonder talk 10:19, 3 February 2007 (UTC)

[edit] External links - linkfarm

I propose removing almost the entire section per WP:EL, WP:SPAM, and WP:NOT#LINK. Currently, this section is a very large linkfarm, created without concern for the appropriate guidelines and policies. After a quick review of the links, I see a few in the "Others" section worth saving. --Ronz 17:00, 21 March 2007 (UTC)

[edit] Disaster Risk Management

Please give me stuff in about 5 pages my server was down and the deadline is 11:59 today —The preceding unsigned comment was added by 217.15.123.166 (talk) 17:41, 30 March 2007 (UTC).

[edit] Rissue

Hi - I'm new to Wikipedia so hopefully this is the right place to get some feedback on a concept and term that I have developed over a number of years delivering large scale IT projects.

The term is "rissue"and its definition is: "a project risk or issue that requires effort to address it".

I have provided some more information which encapsulate why I believe rissues are arguably more important than addressing risks and issues individually.

I look forward to your feedback and please advise if this type of discussion should be held elsewhere.

Kind regards, Mattheww nz 08:04, 19 July 2007 (UTC)


Rissue: Definition ~ "a project risk or issue that requires effort to address it".

Project management theory Project management theory is often presented as being fundamentally based around the project priority triangle. This consists of three key components: time, cost and quality. This theory is advocated by many project management practitioners and organisations including. If any element of a project is to change, then one of these three elements must adjust, i.e. if you want improved quality in the same amount of time then cost must increase.

Risk management To ensure projects are delivered on time, to cost and to the required quality it is imperative that risk and issue management is addressed to prevent changes having an adverse effect on these three elements.

However, the author believes that the process of managing risks and issues on large complex projects can often become a risk and issue in itself. This is due to spending time trying to categorise items and focusing on the wrong risks and issues.

Risks and issues A risk is typically defined as an issue that has not yet eventuated. An issue is a risk that has eventuated. These definitions while useful for categorising the state of a problem or perceived problem do not necessarily provide a Project Manager with the information that they need.

The key is for a Project Manager to know what they need to focus on. A risk that has a high probability of occurring and will have a large impact on the project is arguably more important than an issue that has a low impact on the project. Risks and issues must be stack ranked. So if the categorisation of a potential problem or problem as a risk or issue isn't important then what is?

Effort to address The most important thing that needs to be addressed is whether a potential problem or problem, i.e. a risk or issue, requires any effort to be expended to address it.

Taking the example of a risk that has a high probability of occurring and will have a large impact on the project versus an issue that has a low impact on the project, the former may require action whereas the latter does not.

Rissues This is where the concept of a "Rissue" has evolved. The definition of a "rissue" is "a project risk or issue that requires effort to address it".

The list of project rissue register is much easier to prioritise and manage which helps provide clarity to all to help ensure the successful delivery of projects.

Wikipedia is not a place to promote your own work. If this is a term and concept you have developed, go write some books about it or something. Get it published elsewhere first and it might be appropriate for inclusion in an encyclopedia. Friday (talk) 19:21, 19 July 2007 (UTC)

[edit] Risk equalization

I notice that PM Master removed a recently added piece I added on risk equalization at market level. You seem to think that this is not risk management, presumably because it is not what most individuals or companies that face risks do. But I would argue that at the level of society this is a risk management process because it is intended to share risks (or stricly speaking the cost burden of unevenly distributed risks) amongs all members of society by a financial re-allocation of insured risks known as risk equalization. It is not that much different from re-insurance which is another risk management strategy. It may not fit into the textbook definition that was given above it in the text that was referred to above the entry but then writer of that text did not write the definitive text on risk management for all time. And I did seperate that entry from the other risk management processes

If PM Master or other editors do not think this is risk management, please tell me what you think it is and where it should be explained in WP. To me Risk Management is exactly the right context for this. If nobody responds to this request I will simply add the entry back. I am by profession a banker and a projects manager so the concept of risk management is hardly unknown to me! --Tom (talk) 13:37, 22 January 2008 (UTC)

Hi Tom... Don't get me wrong, I think the information that you contributed is great, however, it doesn't really flow with the current subject. I see you already created an entry for this, the best thing in my opinion is to add a link to Risk equalization in the "See also" section. Pm master 21:26, 22 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talkcontribs)
Sorry, but please explain what you mean by "flow". Are you saying that it is a form of risk management but it does not slide in nicely with what went previously? Or are you saying it has no place being discussed in the article because Risk equalization is NOT a form of Risk management? --Tom (talk) 22:27, 24 January 2008 (UTC)
Well, I have waited for reply and not received one. I disagree with your decision to delete the text and have therefore reinstated it. If you disagree with this decision still perhaps we can discuss this further here before a decision is made one way or another. --Tom (talk) 05:33, 30 January 2008 (UTC)
No please, this is your decision, not mine. The text does not belong here. Until now this article has been very clean, we don't want another Leadership article full of incoherent ideas. Please add a link to the article that you created in the "See Also" section, and do not duplicate it here, thanks. If you think I'm wrong, then feel free to request assistance from administrators. The content is very specific and does not belong in this article.Pm master 12:47, 30 January 2008 (UTC)
Just to make my point, searching for "Risk equalization" on Google (with the quotes) returns 2,640 results, while searching for any risk treatment in the article yields no less than 100,000 results (one returning more than a million, and another one 500,000). Clearly your edit does not fit here as a 5th risk treatment. The problem is that if this edit happens, it's going to open the door for a lot of irrelevant, incoherent, and specific material to be sneaked into the article, which will turn it into another Leadership article (check it to see what I mean), where everyone is throwing his/her own theory about issues. I have the utmost respect for your contribution, but this is not the place, you already created the article (which, afaik, was on speedy deletion, but yet survived). In case you see the information really relevant, please add a link to your article in the "See Also" list.Pm master 13:10, 30 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talkcontribs)
The Google search numbers are irrelevant. And the speedy delete was removed because the person that placed that marker re-thought about it at my request and decided that it was wrong to delete. I am not throwing in a personal theory and I somewhat object to the claim that I am. Risk equalization is not a theory.. its practiced in several places where the burden of risk is to be shared between many risk holders. I did ask you tell me what this is if it is not a form of risk management and you have not answered. As for Leadership, WP is about collaboration which means that we try to strike a balance by discussing issues here and constructing a way out. Your instance on this being put in "See Also" seems to me like you are trying to take a leadership role and trying to direct the shape of the article. Please respect my attempt to contribute to the article. Please answer my question. If Risk equalization is not about risk management, then what is it? To me it seems to be just as much about managing risk disribution as insurance and re-insurance is. --Tom (talk) 16:39, 30 January 2008 (UTC)
Hi! Risk Management, in all major references, does not include a 5th risk treatment. As I said, your contributions are more than welcome, and I already answered your question multiple times, your technique is very specific (in both countries and domain) and should not be included in this article, otherwise we'd wind up with another Leadership article, a long, incoherent, and useless article. Google results determine how important/general each risk management technique is, so they are very relevant. Please let's try out best to keep this article a clean, coherent one. Risk Equalization is about Risk Management, but so are dozens of articles in the "See Also" section, and yet they're not mentioned anywhere in the article itself. Thanks again for your contribution, and please add a link in the "See Also" if you definitely think it should be mentioned in this article. Pm master 19:50, 30 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talkcontribs)
One last thing Tom, please let's continue this conversation on either my talk page or yours. Pm master 02:20, 31 January 2008 (UTC) —Preceding unsigned comment added by Pm master (talkcontribs)

[edit] Outsourcing as risk transfer?

Since when has outsourcing been a process in risk transfer? I disagree completely with the statement in the article about outsourcing. Outsourcing in the sense described in the text and linked article is about risk mitigation rather than risk transfer. You may move the day to day management of risks to another company but fundamentally you still own the risk that the outsourcer manages for you. A firm may believe that the outsourcer has better management and control over specialized facilities which the outsourcer provides, but this is risk reduction, not risk transfer. Any company or project manager regarding this as risk transfer deserves to fail. I am afraid to change it though, in case I am accused of writing a leadership article (whatever the heck that means!) or in case it does not agree with the text books I need to refer to before I can begin editing. --Tom (talk) 00:36, 1 February 2008 (UTC)

Hi Tom! I'm OK with what you're saying. It doesn't make much sense for me either. --Pm master 11:41, 1 February 2008 (UTC) —Preceding unsigned comment added by Pm master (talkcontribs)

[edit] Risk treatments and Risk management plan

I find not very good balance and logic between "Potential risk treatments" and "Risk management plan".. The former is ok: risks can be treated several ways. And risk treatment does not need to limit to only alternatives of defending nature. Identified risks can be taken as challenges for development of organization, its products etc.

In "Risk management plan", "Implementation" ,and, "Review and evaluation of the plan" the scope is narrow, and text written here is valid for only one risk treatment alternative: "Risk reduction". It is confusing to speak here about controls. In COSO-ERM controls exist to ensure that risk treatment is cartried out as decided, otherwiase controls belong to internal control vocabulary.

I propose that "Risk management plan", "Implementation" ,and, "Review and evaluation of the plan" chapters are deleted. —Preceding unsigned comment added by F2s (talkcontribs) 16:26, 24 April 2008 (UTC)