The ABCs of Risk Management

Risk management appears as something that is mystical and cryptic. Just read this description from Wikipedia:

“Risk management is the identification, assessment, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events or to maximise the realisation of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavour from the business goals.”

It's not as difficult to understand risk assessment as it seems. Basically, risk management is necessary to prepare for known risks, and it can be done in many ways. To choose a correct way, a case-specific evaluation is required, including evaluating the type and the severity of the risk. In this text, we will categorise risk and go over your options for managing the risks.

Categorising Risks

Risks can be categorised in many ways, though categorisation isn’t always necessary. Broad categorisation is usually done between damage risks and business risks.

Damage risks are harmful and unexpected events or chains of events that are caused by human mistakes, environment, and/or malfunctioning or broken devices or systems. Business risks consist of business investments where the counterbalance of potential reward is the business’ failure. Therefore, business risk usually has a positive counterpart, while damage risk doesn’t.

That’s why damage risks are perceived as the target for risk assessment. Damage risks can be categorised by the cause, the environment, or the action. The risk can be caused by nature, humans, buildings, devices, etc. The risks found in a specific environment can be caused by the same factor, but their effects or the ways to manage them can be different. For example, managing a forest fire is different than managing an attic fire.

Options for Managing Risks

Quick version: Can you remove the risk? If not, can you decrease the probability of the risk or the severity of the consequences? If that isn’t possible, can you transfer the risk? And if that doesn’t work, you can always accept the risk.

Explanation: My risk is to crash my car on my way to work. I have removed the risk by using public transport. I also have a risk of being late to my meetings. I’ve reduced the probability of being late by leaving for my meetings a bit earlier. However, if I’m about to be late, I notify the person I’m having the meeting with. This is a way to diminish the severity of the consequences.

After the meeting, I’m walking on the street and accidentally knock over a ladder that a worker is standing on. The risk is that I could be accused of causing damage and be held legally responsible. This is why I’ve transferred the risk regarding the costs by insuring myself with liability insurance. When I come home late, I have the risk of getting a scowl in my direction. I’ve accepted that risk.

We will familiarise you even more with risk assessment in our following texts.

For more on how you can be ahead of risks, implement VUCA in your life. 

Safety KPI's are the core of risk management. Download our free guide:

New Call-to-action


We're a tech company with a passion for helping our customers adapt to the fast changing VUCA world. We're doing that by developing easy-to-use SaaS products that make gathering, managing and analysing field information as easy as possible for the end users. Remove gatekeepers, go horizontal and learn from your mistakes before they actually happen. More info at

Safety Management Risk Management

Eetu Kirsi

Chief Business Development Officer