I couldn’t resist drawing this picture in the morning. This is all you need to know about current risk management best practices, COSO ERM 2017 and ISO31000 2018.
Yes, the new standards/frameworks and best practices are BETTER than just doing a list of risks. And if it was 2005 I would be super excited. But it’s not. In 2017 most risk managers I know use at least some form of risk modelling, decision trees, scenarios and simulations. These tools have been around since 1970s and outperform all current “best practices” by a landslide. NASA did a fun study – engineers with qualitative risk tools VS accountants with quantitative risk tools. Accountants won. Can you even imagine?
The future is not PwC’s risk and performance curve, not L x C (implied in new ISO31000), not better risk profiles, not objective-centric anything. The future is AI. Make no mistake.
Check out other decision making books
RISK-ACADEMY offers online courses

Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.