A Simple Way to Understand Risk Management
- Winston Peng
- Apr 24, 2019
- 2 min read
Updated: Feb 21

Forget about textbooks, standards, and jargon. If you can grasp this, you’re ready to manage risks.
The Elements of Risk
Politics — Mass influences on policy shifts.
Economics — Competition for wealth.
Social — Culture, way of life and equality.
Technology — New tools and methods.
Environment — Biosphere: nature's living and non-living things.
Legal — Boundaries of allowable actions.
The Components of Risk
Risk — Future outcomes that you might not like.
Sources of Risk — Any object or action that can cause distress.
Causes of Risk — When your control mechanisms fail to manage sources of risk properly.
Risk Event — An occurrence you can detect and observe with your five senses, or computer sensors. It can initiate chains of events or it can occur independently with other events.
Risk Consequence — The final outcome that results in financial losses.
Risk Causality — A chain of risk events.
Measuring Risk
Possibility — Any event that can happen.
Probability — The likelihood of an event occurring.
Impact — The financial itself.
Risk Appetite — How aggressive you pursue risks.
Risk Tolerance — The strength of your defense and resilience.
Risk Severity — How bad is the situation relative to your tolerance.
Managing Risk
Risk Identification — Detecting and categorising risks.
Risk Analysis — Measuring the risks you have identified.
Risk Evaluation — Deciding how to address risk.
Risk Assessment = Risk Identification + Risk Analysis + Risk Evaluation
Risk Treatment — Finding ways to reduce risk.
Innovation — Applying creative approaches to risk treatment to develop optimized, stakeholder-accepted solutions.
How do Risks Manifest?
Everything is created to serve a purpose. People design tools, systems, and structures to ensure functionality. Being functional means fulfilling their purpose without breaking down. However, man-made products suffer from wear and tear, as well as external influences. Eventually, a source of risk malfunctions. We may not realize it yet because sensors are not placed at certain micro levels due to impracticality.
Soon, one part stops functioning properly, and the problem spreads through the system. A person or machine detects the failure. What you have just detected is the manifestation of a risk event.
Through causality principles, risk events trigger chain reactions that affect other areas. That is why a problem that starts with a small component in a complex system can eventually lead to a complete system failure.
The Most Important Features in Risk Management
For effective risk management, your model must have five key features:
Causality Map — To visualise how events interconnect and spread.
Probability Measures — You need real statistical data.
Impact Estimates — To assess financial implications and measure your risk management performance.
Risk Movement — Understanding how your risks evolveover time allows for better forecasting.
Innovation — You need structured tools and methodologies to sovle problems, not just brainstorming sessions. Creativity alone isn't enough — innovation requires systematic implementation.
This sums up the basics of risk management. If you understand these core concepts, you have what it takes to be a risk manager.
Here is my response to your Boeing observation: 1) Causality Map. You are correct. We could say that the causality map may not have included detailed event chains about auto trimming. Even if these possible events were captured, the question is if there was proper deliberation. 2) Statistics. Yes. If causality map is incomplete, events that were not captured would not have undergone risk modelling. Probability models like Monte Carlo or Bayes predict failures by considering these input. Incomplete input renders weaker output. 3) The impact, consequences. Yes, agree. Aircraft designers like Boeing should evaluate the consequences of air crashes on international markets and politics. Air travel is a subject of public interest. Public opinion and perception matters as much as technical or…
Can I make an assumption that Boeing did not apply their risk assessment into their B737 max design? I am making that assumption based on what I read from the report of the last 2 crashes on the preliminary findings.
1. Boeing didn’t look into the risk of MCAS ( auto trimming mechanism that trimmed the aircraft to a state of uncontrollable situation) = causality map.
2. Did not have the statistics to show tthe possibility of over trimmed aircraft ( likely caused is the changing of larger engines that caused the balancing of the centre of gravity) = probability measures.
3. Impact of an over trimmed situation on the controllability of the aircraft and if Pilots are able to…