I couldn’t resist drawing this picture in the morning. This is all you need to know about current risk management best practices, COSO ERM 2017 and ISO31000 2018.
Yes, the new standards/frameworks and best practices are BETTER than just doing a list of risks. And if it was 2005 I would be super excited. But it’s not. In 2017 most risk managers I know use at least some form of risk modelling, decision trees, scenarios and simulations. These tools have been around since 1970s and outperform all current “best practices” by a landslide. NASA did a fun study – engineers with qualitative risk tools VS accountants with quantitative risk tools. Accountants won. Can you even imagine?
Check out other risk management books
The future is not PwC’s risk and performance curve, not L x C (implied in new ISO31000), not better risk profiles, not objective-centric anything. The future is AI. Make no mistake.