The ‘Risk Management’ Millstone

Risk management’ is a much-heard expression these days. Despite having no consistent meaning or form, organisations are encouraged by its advocates (often to earn their living) to adopt its complicated structures and language, ostensibly to address uncertainty. And yet, despite the investment and inconvenience that is involved in pursuing ‘risk management’, achieving sufficient certainty is seldom the result.

It has only been in the past few decades, and even then, rather by accident, that some of the ideas and practices to improve decision-making, acquired the label of ‘risk management’. An explanation for these particular words lies in the practice of insurers – probably the earliest source of institutional advocacy for improved decision-making – to refer to whatever was being insured as ‘the risk’[1].

In advocating different approaches to decision-making (for example, in the choice of building materials) insurers sought to change ‘the risk’ to their advantage. They did this via client selection, incentive pricing and policy wording to make the outcome of their contracts with their clients more predictable. With greater certainty about what might happen, insurers could be more confident that their price (i.e. the ‘premium’) would allow them to still make a profit after paying the claims made against them.

By describing the myriad of practices that they were coercing their clients to adopt as ‘risk management’, insurers shifted the focus from their own interest to something ostensibly associated with their client’s management of their organisation. Furthermore, this new compound noun, ‘risk management’ acquired the appearance of something of substance that was tangible, definitive, beneficial and noble.

The ‘risk management’ label caught on, and in a generally random way, became adopted by others such as legislators, regulators, and advocacy groups to label their own decision-making ‘wisdom’.

The ‘risk management’ expression was also seized on by consultants because it provided the illusion of something of substance and authority which could therefore be sold to their clients in the form of advisory services.

What does ‘risk management’ mean?

In the same way that the ‘risk management’ label became attached to many different ideas, so too, inevitably, did the word ‘risk’ acquire many meanings[2]. This created the odd situation that the core word of an increasingly popular, yet ill-defined, expression was effectively meaningless – as was the expression itself!

Hence, rather than being a descriptor of a solid foundation of tested academic endeavour, the expression ‘risk management’ has never been much more than an informal label for diverse, constantly changing and often conflicting concepts and methods that are vaguely related to uncertainty.

Confronted with this problem, ‘risk management’ champions appear to have adopted the same approach as that of Humpty Dumpty in his conversation with Alice (see following box).

“When I use a word”, Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.” “The question is, “said Alice, “whether you can make words mean so many different things.” “The question is,” said Humpty Dumpty, “which is to be master — that’s all?”

Through the Looking Glass by Lewis Carroll

At the heart of the problem is that it has been the advocates of ‘risk management’, rather than the organisations and their Deciders at which it is targeted, who have become ‘master’.

Presentation at RAW 2019

Last year Roger and Grant made a presentation at Risk Awareness Week (RAW) 2019 on the ‘Risk Management’ Millstone. You can see this presentation here.


[1] This is why, when an insurer agrees to provide insurance, they describe themselves as being “on risk”.

[2] Curiously, by the 1990’s, many disciples of ‘risk management’ insisted that it had nothing to do with insurance!