If you want to improve risk/uncertainty management in an organization there are at least three main approaches to consider:
Improve the risk management behaviour of individuals (mainly through nudges, coaching, training, rewards, selection, and promotion).
Improve the ways of working used in the organization for relevant activities such as planning, design, and other decision-making, through a wide variety of changes and implementation arrangements.
Introduce separate processes dedicated to managing risk or reviewing risk (often remedial or for independent review).
The material below focuses on the second approach, that of (re)designing the ways people work so that they manage risk/uncertainty better. There is also some material on the first approach, though most of this is on another page of this website that focuses on skills for key situations, especially at work.
There are many ways to improve ways of working but the starting point is to realise that uncertainty is only one factor driving your choices of working method.
Intelligent internal control and risk management, a book by Matthew Leitch
At the moment there is no book called Working In Uncertainty that explains the perspective. However, my first book has a lot of useful material in it. Staying within the risk control perspective and language it extends the concept of a ‘control’ and integrates risk management with internal control in a simple way. What this book calls ‘intelligent controls’ are typical of the changes to core management activities that improve performance in uncertainty. Part 2 is a collection of 60 controls that most organizations should use much more, including many intelligent controls.
Getting beyond Risk Listing
Managing risks is not the same thing as making a list of risks and then trying to do something about them. (One of my surveys confirms almost everyone agrees on this point, so probably you do too.) Until the early 1990s the idea of listing risks was virtually unheard of, while a huge amount of work had gone into developing better ways to make decisions, make plans, and do design under uncertainty. The Risk Listing idea has been promoted strongly by some powerful groups and now dominates thinking about risk in some specific areas, notably: corporate regulation, audit, and project management.
This is a pity because you probably would prefer to be doing something else (almost everyone would according to my surveys). Pushing this unpopular bureaucracy has blighted the working lives of countless thousands of auditors, corporate risk managers, and project risk managers, to say nothing of the vast army of other managers pushed to go through this tedious procedure. Yes, it's better than nothing, sometimes. But that's not enough is it. Almost nobody who does Risk Listing chose that method freely and almost all who do it would opt out if they were given a choice.
I have been trying hard for several years to turn back the tide of Risk Listing but it's not easy. What keeps me going is the certain knowledge that most people would prefer to manage risk in other ways and would be more successful doing so.
Hundreds of people receive notification of new publications every month. They include company directors, heads of finance, of internal audit, of risk management, and of internal control, professors, and other influential authors and researchers.