How to move from risk management to risk-based management

According to the ISO 31000:2009, principles risk management should be an integral part of organisational processes and decision making. Picking up on that important point, risk management should be seen as a management tool designed to improve planning, budgeting, performance management and other core business processes. Risk management also helps management to make more informed business decisions about achieving strategic or operational goals and sometimes may even highlight the need to change the strategy altogether due to an unacceptable level of risk.

Below are just some of the practical ideas to help integrate risk management:

  • Document appetites / tolerances for different risk types in the relevant Board level policies and procedures instead of creating separate risk appetite statements;
  • Identify significant risks and assess their impact on the Company’s business plan and budget;
  • Run risk simulation to determine realistic strategic or operational KPI values;
  • Run risk simulation to determine key budget constraints;
  • Integrate risk analysis into key management, investment and project decisions;
  • Remunerate management based on risk-adjusted performance measures.

Effective risk management increases management confidence in achieving objectives, reduces uncertainty and helps make informed, risk-based decisions. In this section, we provide examples of how risk management can be integrated into:

  • Strategic planning;
  • Budgeting;
  • Performance management;
  • Decision making.




Watch more free risk management videos on or subscrive to RISK-ACADEMY youtube channel

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


One thought on “How to move from risk management to risk-based management

  1. Innovation is an obvious process where you can and should integrate risk. It is inherently risky and is gaining high visibility in organisations as they seek ways to fend off disruptors and be less reliant on specific sectors/products. It is typically an activity where you may find a gap in terms of risk appetite parameters not being clear. Do not do as I initially did and define a separate appetite statement but integrate the parameters into the innovation strategy/policies. Appetite can be defined in terms of desired % split of core, adjacent and new initiatives. Risk can be integrated into the evaluation process relating to an initiative via having a stage gate phased approach to the evaluation and weaving risk mgt process considerations into the phases. Rgs

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.