Working In Uncertainty

Improve an organization

If you want to improve risk/uncertainty management in an organization there are at least three main approaches to consider:

  1. Improve the risk management behaviour of individuals (mainly through nudges, coaching, training, rewards, selection, and promotion).

  2. Improve the ways of working used in the organization for relevant activities such as planning, design, and other decision-making, through a wide variety of changes and implementation arrangements.

  3. Introduce separate processes dedicated to managing risk or reviewing risk (often remedial or for independent review).

The material below focuses on the second approach, that of (re)designing the ways people work so that they manage risk/uncertainty better. There is also some material on the first approach, though most of this is on another page of this website that focuses on skills for key situations, especially at work.

There are many ways to improve ways of working but the starting point is to realise that uncertainty is only one factor driving your choices of working method.

Running improvement projects

Sorting out the documentation

Ideas for improvements

Guidelines for managing uncertainty/risk:

Other ideas:

Some inspiring case studies:

A huge source of technical ideas:

Intelligent internal control and risk management, a book by Matthew Leitch

At the moment there is no book called Working In Uncertainty that explains the perspective. However, my first book has a lot of useful material in it. Staying within the risk control perspective and language it extends the concept of a ‘control’ and integrates risk management with internal control in a simple way. What this book calls ‘intelligent controls’ are typical of the changes to core management activities that improve performance in uncertainty. Part 2 is a collection of 60 controls that most organizations should use much more, including many intelligent controls.

Getting beyond Risk Listing

Managing risks is not the same thing as making a list of risks and then trying to do something about them. (One of my surveys confirms almost everyone agrees on this point, so probably you do too.) Until the early 1990s the idea of listing risks was virtually unheard of, while a huge amount of work had gone into developing better ways to make decisions, make plans, and do design under uncertainty. The Risk Listing idea has been promoted strongly by some powerful groups and now dominates thinking about risk in some specific areas, notably: corporate regulation, audit, and project management.

This is a pity because you probably would prefer to be doing something else (almost everyone would according to my surveys). Pushing this unpopular bureaucracy has blighted the working lives of countless thousands of auditors, corporate risk managers, and project risk managers, to say nothing of the vast army of other managers pushed to go through this tedious procedure. Yes, it's better than nothing, sometimes. But that's not enough is it. Almost nobody who does Risk Listing chose that method freely and almost all who do it would opt out if they were given a choice.

The problem of Risk Listing:

Sarbanes-Oxley compliance:

The problem of ‘risk appetite’


Most of these surveys explore the preferences people have for risk management and collectively their results destroy the myths that Risk Listing is popular and hard to move on from.

Responses to official consultations:

I have been trying hard for several years to turn back the tide of Risk Listing but it's not easy. What keeps me going is the certain knowledge that most people would prefer to manage risk in other ways and would be more successful doing so.


Made in England


Words © 2018 Matthew Leitch