1st Edition

Simplifying Risk Management
An Evidence-Based Approach to Creating Value for Stakeholders

ISBN 9781032125619
Published April 25, 2022 by Productivity Press
212 Pages 21 B/W Illustrations


Book Description

Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development.

This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management:

• The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and
• The very widespread use of qualitative risk assessment tools (“heat maps” etc.) which have absolutely no proven effectiveness.

Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.

Table of Contents


  1. Risk in the Context of Organisations
  2. Trends in Risk Management
  3. Bridging the Gap Between Academics and Practitioners
  4. Terminology, References and Structure

Chapter 1: What do we Mean by Risk?

  1. Upside and Downside Risk
  2. Risk vs Uncertainty
  3. Risk to Whom?
  4. Reconciling Conflicting Interests
  5. Risk Measures
  6. Categorisation of Risks
  7. Summary

Chapter 2: Why do we try to Manage Risk?

  1. Improving Expected Outcomes
  2. Reducing The Likelihood of Extreme Events
  3. Reducing Variability in Outcomes
  4. Demonstrating Good Corporate Governance
  5. Compulsion
  6. Why do we not Manage Risk?
  7. Empirical Evidence
  8. Summary

Chapter 3: Risk Management Systems

  1. Integrated Risk Management
  2. Implementation of Integrated Risk Management Systems
  3. ISO 31000
  4. Risk Displacement and Risk Compensation
  5. Summary

Chapter 4: Scope, Context and Criteria

  1. Agreeing Risk Criteria
  2. Ownership and Delegated Authority
  3. Justifying Resources
  4. Summary

Chapter 5: Risk Assessment

  1. Risk Identification
  2. Risk Analysis
  3. Summary

Chapter 6: Risk Treatment

  1. Risk Treatment Example
  2. Combining Risk Treatments
  3. Recording and Reporting
  4. Summary

Chapter 7: Measuring the Effectiveness of Risk Management

  1. Measuring the Effectiveness of Individual Risk Treatments
  2. Estimating the Mitigating Effect on Major Disruptions
  3. Evaluating the Success of Implementation
  4. Quantifying the Overall Impact of Risk Management Programmes
  5. Taking A Pragmatic Approach to Measurement
  6. Summary

Chapter 8: Underlying Themes and Summary

  1. Is a Quantitative Approach Really Practical?
  2. How Does Strategy Link to Risk?
  3. Where Does Risk Management Belong in the Organisation?
  4. Crises and Black Swans
  5. Applicability to the Public and Not-for-Profit Sectors
  6. Would any of This Have Made a Difference in the Covid-19 Pandemic?
  7. Summary of Key Ideas

Annex A: Risk Return Relationships in UK Listed Companies

  1. Data
  2. Results
  3. Discussion

Annex B: The Impact of Covid-19 on FTSE 100 Share Price

  1. Data
  2. Results
  3. Discussion

Annex C: Alternative Numerical Example

  1. Risk Criteria
  2. Risk Analysis
  3. Risk Treatment

Annex D: Some Useful Sources of Risk Information

  1. Information Security
  2. Natural Disasters
  3. Other


Patrick Roberts, MA, MSc, PhD is the Founder/Director of Cambridge Risk Solutions, Ltd, and is responsible for both business development and delivery of a full range of risk management services across all sectors. Projects have included:

• Implementation of business continuity management systems for Hotel Chocolat, the University of New South Wales, Paradigm Housing and Moorfields Eye Hospital NHS Foundation Trust;
• Design and facilitation of crisis management training and exercises for Heathrow Airport, Somerset Care Group and the University of Westminster; and
• Internal audits for various clients holding certification to ISO 22301 and ISO 27001.

Patrick has worked in Business Continuity and Security consultancy since 2003 when he joined Olive Security, one of the UK’s leading security consultancies. He subsequently spent 3 years as a Senior Consultant at Needhams 1834 Ltd where he provided Business Continuity consultancy and training for a wide range of blue-chip businesses and public sector organizations. He specializes in Risk Modelling, Business Continuity training and Disaster Recovery solutions.

Before embarking on a career in Business Continuity Management, Patrick had a varied career including various project and line management roles in the engineering industry and serving as an Infantry Officer in the British Army. He holds an MA in Natural Sciences/Computer Science from Cambridge University; an MSc in Optoelectronic and Laser Devices from St Andrews University; an MBA from the Institute of Management Development in Lausanne, Switzerland; and a PhD from Nottingham University Business School. He is also a Fellow of the Institute of Strategic Risk Management, a certified Six Sigma™ Green Belt, an ISO 27001 Implementer and has passed the ITIL® V3 Foundation Certificate.


"The author provides a comprehensive story that radiates a better understanding of organisational risk, through to the motivations for managing risk and its application in practice. The connectivity of these aspects is profound and enables such an approach to be defensible and more likely to stick in practice."

Peter Noble, Chief Operating Officer, Newcastle Health Innovation Partners.

"With a practitioner approach to risk management, Patrick brings what can be seen as a compliance obligation into ways of working that in my experience have added genuine value to management team business planning and collaboration."

Matt Margereson, Chief Operating Officer, Hotel Chocolat.

"Patrick Roberts’s practical sense backed by sound academic research has gone a long way to embed risk management into many organisational cultures. To the surprise of many this has been achieved without the need for costly software or bureaucratic form filling and the ultimate nightmare of the risk management tail wagging the management dog. This book, for the first time, challenges accepted wisdom on risk management and takes it out of its silo and places it squarely into mainstream management where it truly belongs."

Mike Stephens, formerly Director of Safety, Security and Resilience, the Medical Research Council.

"What is offered is a light bulb moment in collating and translating all the theory into a practical next level Risk Management solution. More than an expert opinion, but an expert solution; integrating risk assessment and mitigation within a structured process. This approach has already added value to the business in dealing with COVID disruptions and associated Global Supply Chain issues."

Malcolm Watling, Group Sourcing Director, Domino Printing Sciences.

"Risk is mismanaged by most organisations from project selection through to completion. We all know of failed projects which have been buried and careers destroyed; and highly successful projects which rewarded executives but were, in reality, just an extremely lucky punt. Patrick’s quantitative approach to risk management allows organisations to assess managers’ performance based on the quality of their decision making rather than short-term results."

Sean Blackburn, fixed failing projects whilst at McKinsey and now growing businesses as an executive within global organisations.

"I have had the pleasure of working closely with Patrick on a number of projects over several years. His professionalism, depth of knowledge and pragmatic approach when communicating the strategic requirements when reviewing a business continuity plan and the various considerations when analysing the impact on the business.

"This book clearly explains Patrick’s unique approach to risk management, drawing on his years of practical experience in implementing business continuity management and information security management systems for clients. In doing so, it goes well beyond the details of how to do risk management; to explore the fundamental questions of why we are trying to manage risk and how we can measure if we are delivering value for our stakeholders.

"This is a must-read book for any CEO or board level executive involved in risk management."

Dave Watson, Group Head of Property, Facilities Management and Fleet Operations, JLA Group

"A truly engaging, insightful and refreshing examination of the approach to risk management. An invaluable text for academics and practitioners alike to consider risk management techniques differently to bridge the gap between theory and application. Patrick uses his vast experience and extensive research to present a compelling and innovative case, with the focus on simplifying the process and placing return on investment at the heart of the decision-making process, driving efforts to truly manage risk to the benefit of all organisational stakeholders."

Head of Corporate Security UKI & EMEA, Financial Services

"In this well-timed work, Patrick Roberts uses his extensive practical experience of risk management to offer a pragmatic look at the topic, offering organisations and the groups within these organisations a different and more tangible perspective. It's a refreshing take on the why, the how and (crucially) the return on investment of risk management for leaders and managers at every level within ‘everyday’, relatable organisations."

Rupert Johnston, Director, Risk & Resilience Ltd and Specialist Member of the Institute of Risk Management.