CHAPTER 11 Decision Risk Management

 

HANS LÆSSØE, M.Sc.

Founder, AKTUS (Denmark)

 

INTRODUCTION

Risk management must affect decision making. This is stated clearly in the COSO standard and even more strongly in the ISO 31000 standard, where the point is made, on average, more than once per page. Furthermore, risk managers increasingly accept that if risk management does not support decision making, it is of little value or benefit.

Yet neither the standards nor most textbooks on risk management provide tangible guidance on how to do this. The ISO 31000 standard even includes a principle that risk management must be “tailored,” leaving degrees of freedom to fit it to any organization.

This chapter aims to fill at least some of this void in risk management support, and focuses on providing practical guidance, process, and tools for implementing effective decision risk management.

The chapter discusses:

  • The process of decision making
  • The danger of relying on human perceptions
  • Two interlinked parts of a decision
  • Identifying decision uncertainties
  • Analyzing uncertainties and prioritizing/balancing actions
  • Reporting and leveraging risk management
  • Follow-through to drive intelligent risk taking

THE PROCESS OF DECISION MAKING

In decision theory, there are different levels and types of decisions. Risk-informed decision-making approaches depend significantly on what type of decision is being made.

One common fallacy is that any decision is a matter of ...
