Hi David, Thank you for your explanations and content that has helped simplify the Risk domain for so many of us. My question was related to how you sometimes frame the RM process saying "causes are definite events or facts and should not be the focus of how we manage risk"...this may apply to certain types of risks that we cannot influence e.g. Risks related to natural or external threats like floods, earthquakes, regulatory, war, pandemic! We cannot influence these directly as the causes are not within our control. We are trying more so to reduce the impacts or severity of the risk, were it to materialize. However there are other risk types where we can reduce the probability of the risk occurring if we were to reduce or eliminate the causes of those risks e.g. vulnerabilities in our system that can lead to intruders (cyber or physical). If we can reduce or eliminate those causes the chances of the risk occurring are much less. In such cases we should be concerned with the causes...how can we reconcile your risk management definition with this approach? Thank you!
@Risk-Doctor
2 жыл бұрын
Thanks for this great comment and question - and sorry for the very long delay in my reply. I didn't see your comment until now. This video is about how to describe a risk clearly. I'm saying here that we should be focusing our attention on the RISK in the cause-risk-effect chain, so that we know what risk we're trying to manage. But when we come to develop effective responses, we can tackle any one of these three elements. As you say, if we can remove a cause of risk, then the risk cannot happen and it is avoided. If we weaken a cause, then we reduce the probability of the risk occuring. Or we can consider the effect, and deveop fallback or contingency plans to deal with the effect if the risk occurs. I hope this clarifies, and thanks for your question - and sorry again for the late response.
@TheFarhanatiq
2 жыл бұрын
@@Risk-Doctor Thank you David! Very clear now.
@andrewchang3667
4 жыл бұрын
Dear Doctor, your videos are incredibly informative and I thank you. I am confused about one thing: ISO 31000 defines risk as the "effect of uncertainty on objectives" but in this video you separate the cause, risk, and effect. As you made clear, "late delivery" is the effect but it is not a risk because "late delivery" is not an uncertainty. Instead, "late delivery" is something that would happen if the risk is not mitigated. Why does the ISO 31000 definition define risk as the "effect"? I prefer your definition of risk which is "uncertainty that matters" because it is much more clear. Did you create your own definition of risk because the ISO 31000 definition is unclear?
@Risk-Doctor
4 жыл бұрын
Hi Andrew, thanks for your perceptive and interesting question. You're right that there's a subtle difference between the way I define and describe risk in this video and the definition of risk in ISO31000:2018. First let me be clear about timing. The initial version of ISO31000 was published in 2009, with the current update in 2018. I first described risk using the cause-risk-effect structure in an article published in September 2000. So no, I didn't create my own definition of risk because I disagreed with ISO31000 !! I did that almost ten years earlier!!! But I do disagree with the ISO31000 definition of risk, for the reason you highlight. When ISO31000 says risk is "effect of uncertainty on objectives", it is clearly associating the risk with the effect. It says that uncertainty exists, and it can have an effect on objectives, and I agree with both those statements. But in my opinion,the ISO31000 definition has the elements in the wrong order. ISO31000 says "risk is the effect" that uncertainty has on objectives. I say no, "risk is uncertainty" that has an effect on objectives. Most people would agree that one key characteristic of risk is that it is uncertain. So risk is a type of uncertainty. But not all uncertainties are relevant to my specific objectives. The only uncertainties that pose a risk to me are the ones that would affect my objectives if they happened. Other uncertainties that would not affect my objectives are irrelevant to me (although they mght be important for someone else). This is why I define risk as "uncertainty that matters". Risks are uncertain, and they matter because they would affect objectives if they occurred. This is also why we need to separate the risk from its potential effect on objectives. And that's why I deveoped the risk metalanguage three-part risk description format, to separate cause-risk-effect. I hope this is clear and helpful, and thanks again for a great question.
@andrewchang3667
4 жыл бұрын
@@Risk-Doctor Yes, thank you, Doctor! That clarifies it for me. I definitely prefer your definition of risk...many thanks
@zulkifleeah7889
4 жыл бұрын
Doctor, your definition is definitely enlightening and easier to understand. I found it difficult to understand others delivery until i heard yours. Thank you very much.
@Risk-Doctor
4 жыл бұрын
@@zulkifleeah7889 Thank you for this encouraging feedback. I'm glad I was able to be helpful.
@motediwamachelle8732
4 жыл бұрын
Dr if I have a project with unexperience risk management team,is that mean the project is at risk?
@Risk-Doctor
4 жыл бұрын
Yes!!
@omercivileng9046
Жыл бұрын
Amazing amazing amazing
@Risk-Doctor
Жыл бұрын
Thank you so much 😀
@ShawnAref
3 жыл бұрын
Ahh Haaa moment..... Thanks Dr.
@Risk-Doctor
3 жыл бұрын
I'm glad you had a moment of revelation and inspiration!!
Пікірлер: 16