Chapter preview

Chapter 8 analyses how risk is typically managed by complex organisations. The use of risk mapping and risk registers is explained and the limitations of both methods are examined. ‘Risk appetite’ is considered. Business continuity management processes are described. The use of organisational support systems is noted. ‘Black swans’ and ‘perfect storms’ are discussed. The concept of safety culture is defined and the methods used to measure it are presented. The way safety culture relates to the occurrence of accidents is summarised and the ways safety culture may be improved are introduced. Aspects of the role of regulatory agencies in the process of risk management are considered. Organisational factors that inhibit effective risk management are outlined. The price of failure and the ‘complexity paradox’ are summarised. The significance of an organisation’s ‘risk reputation’ and trustworthiness are discussed. The notion of trust deficits is presented. Approaches to the analysis of adversaries are introduced.

The framework for risk management

Risk management is now a major preoccupation of most large or complex organisations. This does not solely refer to the management of hazards that the organisation might create (for example, in the case of a chemical company, the possibility of toxic waste from an incinerator or, for a nuclear power generator, the potential of an off-site release of radiation). It refers also to the management of hazards that might damage the organisation itself. These types of risk are diverse. For instance, they might be commercial or market-based, they might be structural or deal with human resources, or they might be financial or technological. It is worth briefly exploring this focus upon risk management in this broader sense.