Jump to content
  • Emerging Approaches to Risk Management

    Nadine Cranenburgh


    While conventional risk management approaches work well when all risks are foreseeable, the increased prevalence of complex and uncertain environments has led to the need for scalable, fit-for-purpose management solutions.


    Conventional risk management approaches such as ISO 31000 are limited in their guidance on controlling unpredictable risks.

    There are many classes of unpredictable risk, including:

    • Unknown risks
    • Black Swans
    • Rogue Waves

    Another challenge for conventional risk management systems is that the emphasis tends to be on identifying, measuring and treating specific risks rather than establishing internal controls to address areas of weakness and improve the resilience of systems faced with unpredictable risks.

    Conventional risk management models and standards should also be rigorously assessed to ensure they are tailored to specific projects and applications, rather than being applied in a ‘one-size-fits-all’ method.

    Emerging approaches

    Emerging approaches to risk management include:


    The content on this page was primarily sourced from:

    Edited by Nadine Cranenburgh

    User Feedback

    Recommended Comments

    An interesting ISO technical specification in the ISO22300 (Societal security) series is:    ISO/TS 22375:2018 Security and resilience — Guidelines for complexity assessment process.   This document discusses organisational complexity and how one might asses complexity to improve societal security and resilience.   

    • Like 1
    Link to comment
    Share on other sites


    Thank you Kevin, Interesting that they try do define "Complexity":

    condition of an organizational system with many diverse and autonomous but interrelated and interdependent components or parts where those parts interact with each other and with external elements in multiple end non-linear ways
    Note 1 to entry: Complexity is the characteristic of a system where behaviour cannot be determined only as the sum of individual variables behaviours.
    specific value describing the measurable or theoretical features of the elements of a system


    Link to comment
    Share on other sites

    Yes Geoff.

    The ISO definition of complexity is pretty close to the one typically used by social scientists since the mid 1960s.  The management and political sciences have needed to distinguish between complicated and complex decision systems.  In 1965, Herbert Simon described a complex system as “one made up of a large number of parts that interact in a nonsimple way.  In such systems, the whole is more than the sum of the parts, not in an ultimate, metaphysical sense, but in the important pragmatic sense that, given the properties of the parts and the laws of interaction, it is not a trivial matter to infer the properties of the whole.”  Simon was of course describing political decision systems.  

    Simon, Herbert A.  1965. The Architecture of Complexity, in General Systems Yearbook vol 10.  pp. 63-64.

    Link to comment
    Share on other sites

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...