
Unmanaged risks

What risks do you decide not to actively manage? Does the idea of not managing every identified risk make you dizzy? Well, according to John Goodpasture, PMP, it's important to identify not only the risks you plan to address, but also the ones that are unlikely to happen or to have great impact if they do. Goodpasture explains how the plan of “no strategy” is still just as much a strategy as any other:


Frankly, for many, the idea that we're going to sit back and accept risk is an uncomfortable position to take. But it happens all the time. When my risk management students lament that their organization has no risk management process or strategy and just deals with risks as they come along, I respond: “No strategy” is a strategy of sorts in the sense that you've embraced “accept” as your risk response plan. In that event, the need to actually do a lot of work up front to identify risks is really not too productive. If the organization is risk-seeking in attitude, this may be just fine. After all, you're just going to accept whatever comes along and deal with it.

Goodpasture's supposition is that if an unmanaged risk becomes an actual issue, you can then process the issue as you would any other, assuming it is in fact a low-impact risk.
