How can risk management be defined?

Author: Manu Steens

In this post I write my own opinion, not that of any organization.

The word risk management can be divided into two words: risk and management. You therefore need to know something about both their own nature.

ISO 31000 defines risk as “the effect of uncertainty on the achievement of objectives”.

This definition of risk is very theoretical and is often translated in practice as

Risk = Probability x Impact.

This definition works well for a risk analysis method such as the ‘Bow-Tie‘ method (‘Bow-Tie‘) where the risk is identified with a risk statement that consists of three parts:

Cause & Event & Effect

Where the probability is roughly determined by the causes and the impacts by the consequences.

This definition is applicable to roughly 80% of the processes and projects for most organizations.

But… It’s not always that simple. As an organization, you also have to deal with the risks in your environment. The concrete way to define a risk often depends on the domain in which the risk occurs.

With the ‘society for risk analysis glossary‘ in 2018, the ‘Society for Risk Analysis‘ provided a list of, among other things, the following qualitative definitions that are often used:

  • “Risk is the possibility of an unfortunate occurrence.”
  • “Risk is the potential for realization of unwanted, negative consequences of an event.”
  • “Risk is exposure to a proposition (e.g., the occurrence of a loss) of which one is uncertain.”
  • “Risk is the consequences of the activity and associated uncertainties.”
  • “Risk is uncertainty about and severity of the consequences of an activity with respect to something that humans value.”
  • “Risk is the occurrences of some specified consequences of the activity and associated uncertainties.”
  • “Risk is the deviation from a reference value and associated uncertainties.”

In addition, there may be abnormalities in the formula. For example, more generally:

Risk = Probability x ImpactN

If N > 1 one is risk-averse. If N = 1, one is risk-neutral. 0 < N < 1 is risk-seeking.

It is sometimes even more complex: the definition of risk then depends on the stakeholders of that risk. A ‘simple’ example can be found in agriculture, which is suffering from the drought.

If a year is very dry, the probability of drought = ‘1’ and the risk will depend purely on the impact of the drought on the harvest. You then calculate this impact by comparing the results with those of a reference year of a normal harvest.

A measure of risk to the private gardener’s harvest then becomes:

(Harvest of cultivation in the dry year) – (Harvest of cultivation in the reference year).

A farmer will look at things differently: he will compare the monetary values of the dry year with respect to the reference year as follows:

(Financial yield from the harvest of cultivation in the dry year + Subsidy that dry year) –

(Financial yield from the harvest of the crop in the reference year + Subsidy that reference year).

For the Seller in the stores, however, the risk can be calculated as a comparison of the profit of a crop in a dry year compared to a normal year as follows:

(Total selling price of cultivation per kg in the dry year – Total purchase price of cultivation per kg in the dry year – Loss of goods in the dry year) – (Total selling price of cultivation per kg in the reference year – Total purchase price of cultivation per kg in the reference year – Loss of goods in the reference year)

The tax authorities have the same risk as the seller in the store, after VAT calculation in both years. After all, no one guarantees that the VAT rate will be the same in both years.

Mathematical geniuses will be able to come up with much more complicated formulas. I’m going to stick to it here.

This shows that the simple case of growing vegetables in itself implies a different definition for the understanding of risk for different stakeholders. Not everyone in the supplychain is aware of this. These examples show that the concept of ‘risk’ is more complex than simply ‘an event’. The definition must be thoroughly considered for each scenario.

Depending on this definition of the risk, the measures may then change. For example, the gardener or the farmer will or will not invest in water for spraying, the farmer’s accountant will or will not do creative accounting, the seller decides to adjust his prices throughout the season,… In this way, risk management adapts to the environment. And the concept of ‘risk’.

The management part is nothing more or less than the wise approach and handling of those risks. Some of that wisdom is contained in standards. For example, ISO 31000 talks about Deming’s PDCA cycle (Plan-Do-Check-Act) that makes ISO applicable to everything. This is the management part in which they prescribe to identify, analyze, evaluate, define measures, which are implemented and monitored, after which the cycle is resumed. Every risk standard that respects itself has a qualitatively well-thought-out systematic way of tackling and handling risks.

This well-thought-out risk type-dependent way of handling risk is the ‘formal risk management’.

There is also ‘informal risk management’. This occurs, for example, with small traders who do not invest in a risk management system according to a standard. They intuitively apply ‘common sense’ measures within their business. Or they have employees who warn each other of a pitfall out of authentic concern.

Cultural trust – a basic talent against risks across borders ?

Author: Manu Steens

In this contribution I give my own opinion, not that of any organization.

People often speak of ‘trust’. But what do they mean? What kind of trust exist? Can you create it? What are the risks of not paying attention to creating trust? What if you betray trust? Is speaking the same language important?

Can you score without speaking the language? Without knowledge of each other’s cultural baggage? Who has the advantage when? Pierce the stigmas! Without knowing each other, you can’t look ahead to collaboration with each other’s. Despite all the theories and history lessons, this is not possible without trust. Without trust you can’t know the other person, you only know their stigmas.

I consider for myself two types of trust: Self-confidence versus cultural trust, each of which is a function of other components:

Self-confidence = F(parental education; character) and

Cultural trust = G(growing up in close proximity; in contact with distant surroundings).

I want to talk about this ‘cultural trust’ here.

I will take Russians and Americans as an example, because they are opposites in terms of their experience of trust, but I might as well have taken the Dutch and the Chinese.

When you talk to people about Russians and Americans, the first impression often comes up as a judgment. Buts appearance deceives, are Americans really superficial and are Russians really that arrogant?

That’s what we see from them. However, it is better to consider cultural trust as a topic here, rather than profane vocabulary. In the book “The Culture Map” by Erin Meyer, there is a continuum from purely task-based cultural trust to pure relationship-based trust. Here the USA is on the side of almost purely task-based trust and is Russia very much on the side of relationship-based trust.

How is this defined?

Task-based: Trust is built through business-related activities. Working relationships are easily forged and dissolved again, depending on the practical situation. You consistently do a good job, so you are reliable. I enjoy working with you. I trust you.

Relationship-based: Trust is built by eating together, having a drink together in the evening and conversations at the coffee machine. Working relationships are slowly but surely being built. I got to know you in a personal way. I’ve spent private time with you. I am good friends with others who trust you. I trust you.

This means that in order to do business (of all kinds: financial-economic to political agreements) between Russians and Americans, both must be aware of each other’s cultural attitude of trust.

It used to be thought that the American way of doing business was the ‘way to go’. Americans talk very fluently about their very personal issues but never show their truly vulnerable side. This seems very confusing to a Russian: just when he thinks the American wants to make a close friendship, he says: “It was pleasant, goodbye”. The Russian doesn’t hear about him anymore. For an average Russian, this is an unreliable attitude, which in the long run creates distrust of which the American is unaware.

Conversely, an American who wants to do business with a Russian will have to do his best to get into privacy with the Russian. Storming in and trying to make a deal won’t get him there. Then he is dismissed. Not because the Russian is so arrogant, but precisely because knowing each other well personally is so important. If, in his opinion, not enough time is put into this, not much will come of doing business.

This means that in order to be able to work together successfully, it is best to have a mediator present. Someone or a small team of people who have cultural experience with both parties.

In my opinion, this is one of the cores of many misunderstandings in the world on a small, but also on a large scale. In the worst case, misunderstandings lead to things that no one wants, such as brother murder.

To this end, work must be done to really get to know each other, especially at times when people, when they are young, are still receptive to learn this.


If we want to make the planet a better and safer place for future generations, schools should pay attention to:

  • types of communication
  • each other’s culture
  • learning to work on trust
  • empathy
  • really getting to know the other in their culture.

When are you prepared for a risk?

Author: Manu Steens

In this post I write my own opinion, not that of any organization.

ISO 31000 largely prescribes in outline what a risk management system can look like. It requires you to carry out a risk assessment, and to come up with measures, which you must then implement. However, it does not prescribe how to assess a measure (see my earlier blog

Nor does it describe how to know if you’re prepared for a risk. That is what I want to talk about now. Because if a measure has been assessed positively, the actual work only begins.

A first step you need to take is to effectively carry out a risk assessment. There is no way around that. You have to do that. But defining a measure is only the beginning of the actual operational preparation for the risk. There are a few things you need to do / check, besides implementing it.

  • Do you have a budget?

Provide a budget that is large enough. And there are several types of budgets that you can provide.

The first is the budget you need for the implementation of the chosen measure.

A second is the budget you may need for external insurance.

A third is the budget you may need to get through the dark times, a kind of bridging budget.

A possible fourth is a budget in the form of a captive. This is only relevant for very large risks or for large risk portfolios.

These budgets must be represented in the balance sheet. Without double purposes.

  • Do you have people?

In many crises, there is always a shortage of hands in the operational activities. It is best to think in advance which people and which types of profiles you will need. Discuss this in advance with HR, to see if they can include the activities required of them in their part of the business continuity plan (BCP).Do they know people with the appropriate profiles? Do they know the necessary contacts to get them quickly? HR also needs to lend a hand.

  • Do you have material resources?

People often can’t do anything if they don’t have the necessary equipment. Do you have the necessary back-up equipment for this? Do you have the necessary goods and information to continue the work or services? Are there goods or equipment that are duplicated as back-up for multiple purposes, with multiple measures? Can the organization afford this ?

  • Do you have the necessary information (distributed)?

This can be the call tree within your organization or the log-in data of the notification system etc. Are our own employees aware of the measure where useful and necessary? Is the environment (internal and external) aware of the possible risk if this is relevant to them? The other stakeholders too?

  • Do you have an owner of the risk?

Who is responsible for addressing the risk when it materializes? Is that the process owner? Anyone else? Is the handling of the crisis delegated to another person? You previously discussed the measure with him/her in an operational assessment. (cfr. URL Supra.) Who does what and who reports to the Crisis Management Team (CMT)?

  • Do you have a sponsor of the risk?

Typically, this is a high-ranking manager who approves the budgets for the measure. In addition, you previously discussed the measure with him/her in a strategic assessment. (cfr. URL Supra.)

Finally, if a measure was not possible, do you have a plan of action? Have you talked to risk managers from other organizations who may have similar risks and who have plans? Can you exchange experiences? Can you come to agreements with competitors for the joint deployment of people when a risk occurs?

Checking off this list does not prevent your measure from failing. But after all, it can convince the interested parties that the organization has already taken the necessary steps to avert, prevent or mitigate the risk if it occurs.

You are going to outsource: what are points of attention for risk?

Author: Manu Steens.

In this post I write my own opinion, not that of any organization.

In a previous blog I wrote about the strategic risks of outsourcing tasks of the organization. Now suppose that you still need outsourcing despite those considerations, e.g. because you have a shortage of employees. For example, because of the war for talent. Then there are a number of things that must go through your mind beforehand, factors such as quality, closing SLAs, safety and security, data protection. To this I add the fact that your investment in outsourcing must yield, so also ROI (Return on Investment), sometimes RO(S)I (Return on Security Investment) and nowadays also more and more VOI (Value on Investment). The factors I cite here are not exhaustive. These are just a few (more important) examples.

The challenging thing is to see these factors in combination with each other. That number of combinations increases quadratically. With these combinations you ask yourself a number of questions and try to answer them. The questions, we can give some of them (in a non-exhaustive list). The answer often depends on the organization on the one hand, the consultant and supplier on the other, or a combination of both. So that’s case-specific.

That is why we prefer to give the points of attention here in the form of questions. What is important depends on the situation and on the appreciation of the reader. Some questions are relevant in multiple places. We opted for a minimal repetition.

See document attached

Vision for the future after the war in Ukraine: what if there is 'peace'?

Author: Manu Steens

In this post I write my own opinion, not that of any organization.

At the moment we live in very uncertain times. For Ukraine and for Russia, that’s how it seemed from the latest controversy of the Wagner sidestep. There are dissatisfied people and not everyone wants to shoot the other one any longer, they say. Some followed one boss, others are welcome to the other boss. End game: Russia turns out to be more stable than the West likes, and Putin’s position comes out of the embarrassing situation strengthened. For comparison, see de Gaulle’s situation with Algeria in 1961.

The retreat of the rebellious Wagner troops under the pressure of Russian solidarity is now a fact. In addition, an intervention by Belarus was welcome for the Wagner boss. He promised him that he would find safety in Belarus. Nice gesture. He can secure his own life in the wasp’s nest that the would-be coup has become. What is there to it? My suspicion is that at Putin’s simple request, that security is no longer assured. The man is not a problem that cannot be solved with a fresh cup of tea or a poorly closing window in his future bedroom. After all, Belarus has sworn allegiance to Russia. However, it is unclear whether there is $6.2 billion involved (it was not denied at the time of this writing) and who has it. If necessary, someone else ends the problem with another contract.

The future of Ukraine is now uncertain. Putin’s plan, I think, was to give Ukraine a blow once and for all that it didn’t like, and then to rebuild it to bind the state, as he did with Chechnya. However, they are a different people, with a different backing at international level. One punch became many, and the country has been torn to shreds. No one wins a war that is a slaughterhouse. Reconstruction as currently estimated (between USD 400 billion and USD 1000 billion) is unaffordable for the economy of Russia as it is currently known by the EU. (In his article in VRT of 20/04/2023, Lukas Lecluyse writes: “Nevertheless, the sanctions generally have a negative impact on the Russian economy. This is evident from figures from the World Bank, the International Monetary Fund (IMF) and the Organisation for Economic Co-operation and Development (OECD). For this, GDP, the gross domestic product, is often taken into account. It is estimated that Russia’s GDP would have fallen by 2.1 percent by 2022… That decline would continue in 2023. According to the OECD’s projection, the Russian economy would fall further by 2.5 percent in the most extreme case. The World Bank’s figures show a different picture: GDP is expected to fall by “only” 0.2 percent this year. The IMF thinks that the Russian economy will not shrink at all, on the contrary. The fund announces economic growth of 0.7 percent.” See and Gross Domestic Product (GDP) 1.779 billion USD, Even for the EU, this is a huge amount, which will keep the money presses running at full speed. I make abstraction from the idea that a party wins the war and start from the idea that there will be an end.

In addition, Ukraine does not receive the military equipment, as it has to pay back in the long run. That will break up the country. Whoever wins the war gets a gigantic destroyed terrain that can be rebuilt from scratch. It is also a tough one for the EU. Moreover, these estimates have been made on the basis of the value of a dollar and an Euro that will not suffer from a successful rise of the future BRICS currency. The agreements for a BRICS currency are in the process of being drawn up.

So far as for the context in which two uncertainties are important to me.

These two uncertainties that I want to plot against each other are:

  • whether Russia will rebuild Ukraine after the war or not;
  • whether the BRICS currency has a strong rise from the beginning and thus brings down the value of the dollar and to some extent the Euro or whether the BRICS currency remains relatively unimportant in the short and medium term (up to 5 years).

Four possible futures follow from this:

  1. China cabinet
  2. S*!t hits our fan
  3. Cold war
  4. A little warm War?
  • China cabinet: In this scenario, the Russian economy is stronger than I estimate it to be, and the BRICS currency remains a weak currency at first. There may be a change of roles at the top of Russia, perhaps not, and neither the EU nor America will have much additional hindrance to their own trade relations with Russia after the war in Ukraine. The EU is already paying for reconstruction and will continue to contribute to it. Russia pays most of it. The money presses of the currently strong Western currencies are running at full speed. However, this encourages a new inflation, which gives China the opportunity to contribute to the reconstruction and strengthen its position in the world as a trading partner in the EU and in the world. The price of energy remains fragile. The reconstruction will keep the world economy running at full speed. This is used as an excuse for the use of fossil energy sources. The world political situation is unstable and can be handled cautiously. Lack of mutual cultural understanding of other parties keeps a fuse above the powder keg.
  • S*!t hits our fan: The ‘free West’ is in trouble. Due to a rapidly increasing importance and value of the BRICS currency, the Euro and the US Dollar come under heavy pressure, which they cannot keep after some time. They diminish in value. The West does not continue to retain its political added value on a global level and more and more countries are joining the BRICS. As a result, Russia’s economy is strengthening more, as is its political grip on the world. A new global player is emerging from the BRICS currency, with new countries from Latin America and Africa applying to join it. With China, India and Russia, they are a successful counterweight to the West. The Euro and the US Dollar are devaluing at a solid pace, the poorest in the West have been hit the hardest. The price of the reconstruction of Ukraine is no longer stated in US Dollars or Euros but in the new BRICS currency. The US is becoming politically isolated and the same is threatening the EU. The West has been militarily weakened by a weakening of its economy. Cybercrime/war has become ubiquitous from all parties. An alternative to NATO emerges from the new BRICS countries. The population in the West is getting tired of ‘it’ and there is a threat of civil disobedience in the West. This may be accompanied by a flight of the well-to-do and intelligentsia.
  • Cold War: Russia is losing internal support from its own people who are tired of the damage to the Russian economy caused by trade embargoes from the West. A permanent trade embargo by the West is hampering the global economy and the Global Supply Chain is coming under severe pressure in some parts of the world. This represents an opportunity for China to bring stability to the Global Supply Chain in the BRICS countries. It thus strengthens its economic position in Asia, Africa and Latin America. It is moving towards the European market. India is increasingly playing China’s card and is coming to a political break with the USA. A terror problem arises: even more (classic) weapons from the war end up in the hands of the mafia all over the world. Russia can see nuclear weapons technology and nuclear energy technology as a point of growth at the political level, to ensure the “friendship” and financial support of other states that crave such technology and weapons. This results in a very unstable world policy, in which the maps have been heavily rearranged. The EU will have to provide financial responsibility for the reconstruction of Ukraine. It does this in order to strengthen its own interests with those of a number of Eastern European countries through reconstruction. This will start new inflation waves of the Euro. This results in somewhat of a relative strengthening of the BRICS currency.
  • A little warm War ? Here Russia will develop a firm grip in world politics together with China. It will take decades to finance its part of Ukraine’s reconstruction. The US Dollar and the Euro seem to be weakening. Due to an increased influence of the BRICS countries and possibly new entrants, the influence of NATO weakens. An alternative to NATO emerges from the BRICS countries and this isolates the West. A number of parties are leaving NATO. The USA is militarily folding back on itself. It obliges the EU to provide military support for itself in addition to the payments for the reconstruction of Ukraine. Political tensions within the Western bloc occur when Europe chooses to create its own weapons systems ‘in-house’ and no longer be dependent on the USA for weapons technology. Europe is becoming more independent of the USA. However, it needs time to adapt its economic strategy and, moreover, to evolve militarily. As a result, it loses time and energy to keep its grip firmly in world politics. This creates a political and economic gap, to which China and other BRICS countries under her leadership are cleverly responding.


It follows from these ideas that the situation is fragile and the West as a power bloc is in a state of a kind of phase transition. The linear reasoning based on the power of the US Dollar and Euro comes to an end here. Moreover, the media pay too little attention to the future BRICS currency as a new currency. Phase transitions are known as complex systems. They are unpredictable, if it is the first time that one notices or such a phenomenon occurs. After all, it has not been studied historically. There is no historical past that we can look back on to create a sense of the opportunities and consequences of the interplay of events. Risks are therefore difficult to assess. Perhaps the risks outlined above are still cautiously formulated.