I couldn’t resist drawing this picture in the morning. This is all you need to know about current risk management best practices, COSO ERM 2017 and ISO31000 2018.
Yes, the new standards/frameworks and best practices are BETTER than just doing a list of risks. And if it were 2005 I would be super excited. But it’s not. In 2017 most risk managers I know use at least some form of risk modelling, decision trees, scenarios and simulations. These tools have been around since the 1970s and outperform all current “best practices” by a landslide. NASA did a fun study – engineers with qualitative risk tools vs. accountants with quantitative risk tools. Accountants won. Can you even imagine?
The future is not PwC’s risk and performance curve, not L x C (implied in the new ISO31000), not better risk profiles, not objective-centric anything. The future is AI. Make no mistake.