One of the things that first got me thinking more constructively about risk management was the problem of how to best deal with risk and uncertainty. In 2014 I wrote about how to think about risk differently, which led to finding better ways to deal with it. Since then I’ve written about creating opportunities, seeking … Continue reading
I’ve written before about not regarding uncertainty and risk as things with a single probability and a single measure of impact. I called these “point risks”, as such a fictitious event sits at a single point on a chart. Now I’m happy to learn that a paper entitled “Cost of Data Breach Study”, by Ponemon … Continue reading
There’s a subtle idea around risk management that I’ve come to understand, and which Norman Marks repeats often: “It’s not about managing risk. It’s about managing the organization for success!” I say it’s subtle because I occasionally get it wrong, and it seems well-known organisations do, too, which is what Norman is complaining about in … Continue reading
Often in a work environment I find I’m faced with difficult problems, and while I manage to find ways to move forward, I do this without knowing exactly what the end state should look like. An example of such a problem might be agreeing the best process for something within a team, or a company. … Continue reading
Last week, two days in succession, I had cause to solve a problem using impact estimation tables. Unfortunately this technique is not widely known, so I thought I’d have a quick pass at explaining it. For many more details—beyond the simplicity of the description below—you really need to see the work of Tom Gilb, who … Continue reading
This week I came across a real world example of an uncertainty that became more polarised—an event caused the outcome to be more likely to go to one extreme or the other, and less likely to be middling. I realised it when someone asked if I thought David Davis’s resignation was a good thing or … Continue reading
The other day a developer in my team asked, “So what’s your plan for…” and then described a particular organisational and technical challenge that several of us had been discussing on and off for a while. It was something that I was pushing forward, but I didn’t have all the answers yet. Of course, I … Continue reading
If you want a process for managing risk, then ISO 31000, “Risk management — Guidelines” is probably not going to help you. I’ve been looking at ISO 31000, because although I’ve been reading a lot of blogs and articles by individual people about risk, I also felt it was important to understand any “official” guidance … Continue reading
When suggesting how we might deal with risk in a project or an enterprise, one of the common options that’s suggested is that we “transfer” the risk. (Other options include to accept it, reduce it, or avoid it.) And a common example of what it means to transfer the risk is taking out insurance. Then … Continue reading
I came across an article the other day by Martin Davies, explaining how important it is to visualise risk and uncertainty. A couple of weeks ago I wrote about visualising cause and effect. Martin emphasises the value of visualing uncertainty as a probability density curve, which I’ve also discussed before, and he uses the programming … Continue reading
