top of page
  • Writer's pictureWinston Peng

A Noob's Guide to Risk Management

Updated: Apr 25, 2019



Here is a simple way to understand risk management. Forget about the textbook, standards and jargon. If you can get this, you're ready to manage risks.


The Elements of Risk

  1. Politics - mass influences on policy shifts.

  2. Economics - competition for wealth.

  3. Social - way of life and equality.

  4. Technology - new tools and methods.

  5. Environment - biosphere. Nature's living and non-living things.

  6. Legal - boundaries of allowable actions.


The Components of Risk

  1. Risk - future results that you might not like.

  2. Sources of Risk - any object or action that can cause distress.

  3. Causes of Risk - when your control mechanisms fail to make your sources of risk behave properly.

  4. Risk Event - a happening you can detect with your five senses or what the computer sensors tell you. And you don't like it.

  5. Risk Consequence - the final happening that carry dollar losses.

  6. Risk Causality - chain of risk events.


Measuring Risk

  1. Possibility - any event that can happen.

  2. Probability - chances of an event happening.

  3. Impact - dollar losses itself.

  4. Risk Appetite - how aggressive you are in pursuing risks.

  5. Risk Tolerance - how strong is your defense and resilience.

  6. Risk Severity - how bad is the situation relative to your tolerance.


Managing Risk

  1. Risk Identification - hunting down and sorting risks by component.

  2. Risk Analysis - measuring the risks you have identified.

  3. Risk Evaluation - deciding what to do with risk.

  4. Risk Assessment = Risk Identification + Risk Analysis + Risk Evaluation

  5. Risk Treatment - finding ways to reduce risk.

  6. Innovation - exercising creative ways to treat risks. Solution must be generally accepted by stakeholders. Otherwise it is mere creativity, not innovation.


How do Risks Manifest?


Things are created to serve a purpose. People design tools, systems and structures to make them functional. Being functional means meeting their purpose without breaking down. But man-made products suffer wear and tear and impact from external factors. Eventually, a cause of risk would activate. A control fail to control. At this stage we may not realise it yet. This is because sensors are not placed at every process checkpoint at micro levels. It is impractical to do so.


Soon, one part stops to function properly and the problem spreads through the system. A person or machine detects the failure. What you have just detected is the manifestation of risk event.


Through causality principles, risk events undergo chain reactions to affect other areas. That is why we see a problem that started with a small device on a plane eventually caused the entire plane to crash.


The Most Important Features in Risk Management


For an effective risk management, you must have 5 key features in your risk model:

  • causality map - to allow you to chain events and visualize their spread.

  • probability measures - you need real statistics.

  • impact estimates - this helps you measure your risk management performance.

  • risk movement - you must know how your risks evolve. This allows you to predict problems.

  • innovation - you need a more formal concept and tool to solve problems, not figure things out of thin air. Brainstorming help in creative ideas. You need more than creativity to innovate.

This sums up the basics of risk management. If you understand these base concepts, you have what it takes to be a risk manager.


141 views2 comments

2 Kommentare


Winston Peng
Winston Peng
25. Apr. 2019

Here is my response to your Boeing observation: 1) Causality Map. You are correct. We could say that the causality map may not have included detailed event chains about auto trimming. Even if these possible events were captured, the question is if there was proper deliberation. 2) Statistics. Yes. If causality map is incomplete, events that were not captured would not have undergone risk modelling. Probability models like Monte Carlo or Bayes predict failures by considering these input. Incomplete input renders weaker output. 3) The impact, consequences. Yes, agree. Aircraft designers like Boeing should evaluate the consequences of air crashes on international markets and politics. Air travel is a subject of public interest. Public opinion and perception matters as much as technical or…


Gefällt mir

Chee Chang Su
Chee Chang Su
24. Apr. 2019

Can I make an assumption that Boeing did not apply their risk assessment into their B737 max design? I am making that assumption based on what I read from the report of the last 2 crashes on the preliminary findings.

1. Boeing didn’t look into the risk of MCAS ( auto trimming mechanism that trimmed the aircraft to a state of uncontrollable situation) = causality map.

2. Did not have the statistics to show tthe possibility of over trimmed aircraft ( likely caused is the changing of larger engines that caused the balancing of the centre of gravity) = probability measures.

3. Impact of an over trimmed situation on the controllability of the aircraft and if Pilots are able to…


Gefällt mir
bottom of page