Risk Management is Dynamic, Iterative, and Responsive to Change

By Bayo Babaloa, ERMCP

Risk management is the effect of uncertainty on an organization’s set objectives.
One of the principles for effective risk management in the ISO 31000:2009 global risk management standard is that risk management should be “dynamic, iterative, and responsive to change”. It captures a number of key ingredients for the effective management of uncertainty and risk.

“Dynamic” suggests that risk management operates at the speed of the business. It is far more than the occasional, even if regular, assessment of a list of so-called top risks. “Dynamic” is when the consideration and management of risk is part of the fabric of the organization, and an element in daily decision-making and operations of the organization. It is active and essential.

“Iterative” is about a reliable set of processes and systems for identifying, assessing, evaluating, and treating risk. It means that when management makes decisions, based in part on risk information, there are proven processes and the information is reliable.

Finally, “responsive to change” is essential when risk changes at speed. Every day there is a potential surprise, a new or maybe changed situation to which the organization should at least consider responding. It could be a shift in exchange rates, a change in the government of a nation where you do business, the loss of a key customer, a new competitor etc.

Therefore, organizations must be responsive to change and agile in modifying strategy and execution at all times.