ABSTRACT
We have noted that, to an extent, we all (whether as individuals or as organisations) manage risk. The question that arises, therefore, is how well do we do it? This is really a matter of assessing the maturity of our risk management. That maturity in turn is a measure of how committed we are to managing our risks systematically; and of the system we have implemented, how it has been implemented, how it operates, how it is maintained and improved, and who has responsibility in all of this. Risk management is more a people issue than a mathematical conundrum. For many organisations, the risk management process focuses on managing the people who are dealing operationally with risks. Encouraging people to have an informed understanding about risk in general is one important aspect; getting them to adopt a formal approach to identifying and dealing with specific risks affecting their organisation is another, although it is not unknown for a key stakeholder (particularly a public sector client) to call for evidence of systematic risk management capability as part of its criteria for selecting potential participating stakeholders in its projects.
