Risk Management Policy: Doctrinal influences, alternates and influences on current organisational approach to management of matters labelled 'risk'

Risk management policy is influenced by organisational and individual doctrine.

That is, organisational and individual ideology shapes both policy and framing of 'risk', inclusive of how it is 'managed'.

However, few organisations and entry-level risk practitioners adequately understand or disclose doctrinal variance or alternatives, including the likely counterpart for each dominate doctrinal approach.

More problematic is that of risk management policy which is created over many years, via many stakeholders and varying leadership.

In other words, current risk management policy may be the product of many varied and past doctrinal influences and ideology.

The question for most organisation therefore is the current approach consistent with the organisation and ideology of the day?

While there is no perfect or ideal solution, it is is important as to the underlying ideology or doctrinal approach, as it influences both the practice and management or risk within an organisation.

Blame, probability, methodology, design, safety, collaboration and foreseeability all shape and influence organisations and the individuals within it.

Paradoxically, opposites or shades of variance further change the risk management paradigm.

Even using a few points of reference, it should be relatively easy to see how variance distorts and creates many alternate outcomes when it comes to the creation and maintenance of risk management policy within single or multi-layered organisations.

Resilience is also impacted by risk management policy.

In sum, risk management policy is the end product of a specific or multitude of doctrinal approaches.

Whether conscious, declared or otherwise, these ideological factors frame the management of matters labelled risk but also vary between cohorts and over time.

That is, long standing risk management policy may be the product of many past voices and ideologies, inconsistent or in conflict with current organisational culture and values.

As a result, organisations and practitioners would be better served understanding various risk management doctrine, alternates, opposing views and mapping current risk management policy to each of these standpoints, to ensure both contemporary practice but also alignment with extant organisation approach to risk at enterprise, organisational and functional levels.

Tony Ridley, MSc CSyP MSyI M.ISRM

Security, Risk & Management Sciences