I couldn’t resist drawing this picture in the morning. This is all you need to know about current risk management best practices, COSO ERM 2017 and ISO31000 2018.
Yes, the new standards/frameworks and best practices are BETTER than just doing a list of risks. And if it was 2005 I would be super excited. But it’s not. In 2017 most risk managers I know use at least some form of risk modelling, decision trees, scenarios and simulations. These tools have been around since 1970s and outperform all current “best practices” by a landslide. NASA did a fun study – engineers with qualitative risk tools VS accountants with quantitative risk tools. Accountants won. Can you even imagine?
The future is not PwC’s risk and performance curve, not L x C (implied in new ISO31000), not better risk profiles, not objective-centric anything. The future is AI. Make no mistake.
Check out other decision making books
RISK-ACADEMY offers online courses

ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.