Main Menu
Home / IT Governance / Unmanaged risks

Unmanaged risks

What risks do you decide to not actively manage? Does the concept of not managing every identified risk make you go dizzy? Well, according to John Goodpasture, PMP, it's important to not only identify the risks you plan to address, but also the ones that are not likely to happen or have great impact if they do. Goodpasture explains how the plan of “no strategy” is still just as much a strategy as any other: 


Frankly, for many, the idea that we're going to sit back and accept risk is an uncomfortable position to take. But it happens all the time. When my risk management students lament that their organization has no risk management process or strategy and just deals with risk as they come along, I respond: “No strategy” is a strategy of sorts  in the sense  that you've embraced “accept” as your risk response plan. In that event, the need to actually do a lot of work up front to identify risks is really not too productive. If the organization is risk-seeking in attitude, this may be just fine. After all, you're just going to accept whatever comes along and deal with it. 

Goodpasture's supposition is that, if the unmanaged risk becomes an actual issue, you can then process the issue as you would any other   – assuming they are in fact low impact risks.

About Anne Grybowski

Anne is a former staff writer for CAI's Accelerating IT Success, with a degree in Media Studies from Penn State University.

Check Also

CSI Not Miami: How to Create a Culture of Improvement

While the abbreviation “CSI” may be more publicly associated with the string of cop procedurals …

Leave a Reply

Your email address will not be published. Required fields are marked *