Should We Still Be Using the Term Risk Management?

“What’s in a name” you ask?

Aside from “To be or not to be? That is the question,” this is probably one of Shakespeare’s most well-known quotes or idioms.

And coincidentally, it forms the basis of one of the biggest debate’s in the risk management world today.

Between risk appetite, heat maps, and the reliability of standards like COSO and ISO 31000, the risk management field has its fair share of debates.

Interestingly enough, the usefulness of the term “risk management” is another example of one of these debates. You read that right – there’s intense disagreement over exactly what term we should use to describe what we do.

LinkedIn is the primary spot where this debate plays out…

On one hand, thought leaders like Tim Leech, Norman Marks, and Grant Purdy say “risk management” is confusing and should be scrapped in favor of “certainty management,” “decision support services” and other terms, or as Tim proclaims in this LinkedIn post:

The terms “ERM,” “Risk Management,” and “Risk Manager” are dragging the profession down like a huge millstone. Words matter. Poor choice of words dating back decades is a big part of why most senior executives today see little value in risk-list ERM. It’s time to dump these flawed terms in favor of better words and methods that reflect the future and real opportunity of more structured uncertainty assessment and decision making.”

These well-respected experts cite a number of reasons for their stance, including:

  • According to surveys like NC State’s annual report, very few respondents (12%) indicate their “risk” processes provide a strategic advantage to the company.
  • Most mistakenly believe the term means managing lists of risks and that it is the risk professional’s job to actually “manage” risks, not the business’s job.
  • Consultants adopt this word to offer services that are ultimately of little value.
  • It has different meanings based on who you ask. Those with a more traditional “risk management” view believe it’s only about mitigating threats or providing coverage for insurable risks.

As Roger Estall and Grant Purdy explain in their book Deciding, the term “risk management” finds its origins in the insurance industry when it comes to the “risks” that are underwritten for insurance coverage. Over time, and especially in the last few decades, ideas and practices for improving decision-making were also given this label. However, Estall and Purdy explain:

In the same way that the ‘risk management’ label became attached to many different ideas, so too, inevitably, did the word ‘risk’ acquire many different meanings. This created the odd situation that the core word of an increasingly popular, yet ill-defined, expression was effectively meaningless – as was the expression itself!”

Not everyone agrees with shedding the “risk management” label though. Below are a few rebuttals to the aforementioned LinkedIn post from Tim Leech on this subject.

Supporters of scrapping the risk management label explain, correctly in my view, the extreme shortcomings of simply managing a list of risks and that many carry the mistaken belief that ERM is responsible for managing the risk.

Again, like these supporters, their detractors make some valid points, mostly around that it’s important not to throw the baby out with the bath water. I’m not sure I could be placed in one camp or another, but one thing that is certain in my view is…

How your company refers and views this function is strongly dependent on the industry, corporate culture, and other organization-specific factors.

In many cases, I try to avoid blanket pronouncements since every company is different.

In the case of the label of risk management, I hesitate to say there should be an across-the-board change. This isn’t a black and white issue – there’s going to be a ton of gray areas.

One reason is expectations…

Whether from regulators (depending on your industry), investors, credit ratings agencies, or other stakeholders, there’s an expectation you have a function or process called risk management. Calling it something else could lead to pushback from multiple directions.

And as I elaborate on here, there’s an expectation the Board play an active risk oversight role.

With this expectation from such a wide array of places, it would be very cumbersome to just decide willy-nilly to not use the term anymore.

Instead of a wholesale change, it’s all in how you describe what you do.

In the end, the phrase “what’s in a name?” is especially relevant since it basically means “the name of a thing does not matter as much as the quality of the thing.”

What this means for today’s topic is that it’s not so important the term(s) used, but rather the messaging and branding behind it.

When someone asks what I do for example, I give them the following:

I help insurance companies identify their goals, how they can best achieve their goals, and prioritize and allocate resources accordingly.”

For those who know what the specific terminology is, I add on: “To do this, I use various strategic planning and risk management techniques and tools.”

Therefore, instead of just dropping the term altogether, risk professionals need to clearly articulate their role and make sure everyone is on the same page on what this means for the company.

Again, I understand the perspective that the phrase is confusing, and lists and other formalities do not give the company a competitive advantage. However, I also believe it would be unwise to just chunk the label without careful consideration of the expectations of outside parties and whether doing so would lead to even more confusion.

In most circumstances, a clear understanding by everyone of what risk management means for the company will be much more helpful in the long run in my opinion.

Do you encounter confusion as to what risk management is at your company? Have you considered changing the name altogether?

I’m interested in hearing different perspectives on this and other issues. To share your thoughts, please feel free to leave a comment below or join the conversation on LinkedIn.

And if your company is struggling to articulate what risk management and ERM means and how it can help better achieve strategic goals, please don’t hesitate to contact me via email or through my meeting calendar to discuss your specific situation and potential paths forward.   

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More