  • Duncan

10 signs risk management probably isn’t contributing to better performance

Updated: May 10

A lot of activities carried out under the name of ‘risk management’ are ineffective, unnecessary, and even dangerous. Here are some simple signs which could indicate that your organisation might be able to make significant improvements to how it deals with risk.


  1. There is a team producing a monthly or quarterly ‘risk report’

  2. Risks are assessed using a colourful matrix with scores such as ‘low’, ‘medium’, and ‘high’

  3. Risk managers email copies of risk registers to departments and ask them for updates

  4. The Risk Team don’t/can’t carry out quantitative risk analyses

  5. The organisation produces a list of its top risks, but without using any numbers

  6. ‘Cybersecurity’ is listed as a top risk

  7. ‘Failure to achieve planned outcomes’ is listed as a top risk

  8. The three lines of defence is promoted as an effective model of risk management

  9. Managers don’t request any input from the risk team

  10. Internal audit fails to pick up on these issues

There are lots more, but this is a start. Let me know what you think. If you don’t understand why these are ‘bad things’ then get in touch and we’ll help explain why, and let you know what you could do to get risk management working effectively in your organisation.

© 2020 Risk Management Ltd 

Registered in Scotland SC618911

Registered office 43 Millside Road, Peterculter, AB14 0WG