
beyond risk-listing and the ISO31k diagram

the journal of Michael Werneburg

twenty-seven years and one million words

Toronto, 2015.03.02

Matthew Leitch is a risk management researcher in the UK I've leaned on more than once when I needed guidance. He's produced an analysis of the basic diagram in ISO 31000, the "standard" for risk management from that body. Mr. Leitch demonstrates the limitations of the ISO 31k methodology: a) it is based on risk listing, and in so doing needlessly and fruitlessly abstracts "risk management" into an easy but pointless side-show, and b) it is logically incomplete and, despite its simplicity, difficult to follow. To do so, he derives a diagram that's nearly as simple as the ISO 31k flow, but which addresses risk as part of the decision-making process. This, he believes, is a much more natural and useful setting.

I used one of Leitch's books in my dissertation studies, to help depict connections from internal control to risk culture and to consistency of service delivery. I've also referenced his work earlier in my own struggles to escape the risk-listing gravity well. I believe he's right, and will be following his work on the subject.
