The ABCs of Risk Management

Risk management appears as something that is mystical and cryptic. Just read this description from Wikipedia:

“Risk management is the identification, assessment, and prioritisation of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events or to maximise the realisation of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavour from the business goals.”

It's not as difficult to understand risk assessment as it seems. Basically, risk management is necessary to prepare for known risks, and it can be done in many ways. To choose a correct way, a case-specific evaluation is required, including evaluating the type and the severity of the risk. In this text, we will categorise risk and go over your options for managing the risks.

Categorising Risks

Risks can be categorised in many ways, though categorisation isn’t always necessary. Broad categorisation is usually done between damage risks and business risks.

Damage risks are harmful and unexpected events or chains of events that are caused by human mistakes, environment, and/or malfunctioning or broken devices or systems. Business risks consist of business investments where the counterbalance of potential reward is the business’ failure. Therefore, business risk usually has a positive counterpart, while damage risk doesn’t.

That’s why damage risks are perceived as the target for risk assessment. Damage risks can be categorised by the cause, the environment, or the action. The risk can be caused by nature, humans, buildings, devices, etc. The risks found in a specific environment can be caused by the same factor, but their effects or the ways to manage them can be different. For example, managing a forest fire is different than managing an attic fire.

Options for Managing Risks

Quick version: Can you remove the risk? If not, can you decrease the probability of the risk or the severity of the consequences? If that isn’t possible, can you transfer the risk? And if that doesn’t work, you can always accept the risk.

Explanation: My risk is to crash my car on my way to work. I have removed the risk by using public transport. I also have a risk of being late to my meetings. I’ve reduced the probability of being late by leaving for my meetings a bit earlier. However, if I’m about to be late, I notify the person I’m having the meeting with. This is a way to diminish the severity of the consequences.

After the meeting, I’m walking on the street and accidentally knock over a ladder that a worker is standing on. The risk is that I could be accused of causing damage and be held legally responsible. This is why I’ve transferred the risk regarding the costs by insuring myself with liability insurance. When I come home late, I have the risk of getting a scowl in my direction. I’ve accepted that risk.

We will familiarise you even more with risk assessment in our following texts.

Safety KPI's are the core of risk management. Dowload our free guide:

New Call-to-action


Plan Brothers is the global leader in checktech, providing web and mobile tools for incident reporting, inspection and auditing processes for the sectors Security, Retail, Shopping Centres and Schools, Energy, Hotels and Manufacturing. More information at


Risk Management Safety Management

Eetu Kirsi

Chief Business Development Officer