Key Insights Blog

Read the latest insights from our experts on GRC and risk management.

Explaining risk management in plain english

Posted by Guest Author: Norman Marks on 29 September 2017
Guest Author: Norman Marks

Risk in real life.jpg


On 26th October, Turnkey will be joined by renowned risk management expert, Norman Marks who'll be our guest speaker for a webinar focusing on risk and controls in real life. The following guest post from Norman is a 'pre-cursor' to what he'll talk about on the webinar.

This post was first published on Norman's own blog -


I have been saying for a while that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.


Two types of leaders

Leaders of the organization speak in plain English about the achievement of corporate objectives such as earnings, profits, and projects.

Leaders of the risk management function talk about risks, impact or consequences, and sometimes in technobabble about terms that only risk practitioners and statisticians understand, such as ‘risk capacity’, ‘alpha’, and ‘residual risk’.

The traditional way of explaining the risk management process is (per ISO 31000):

  • Establish the context
  • Identify risks
  • Analyse risks
  • Evaluate risks
  • Treat risks
    Communicate and consult (throughout the above)
  • Monitor and review (continuously)



Can this be translated into plain English, without using the ‘R’ word?

How about this?

  • Anticipate what might happen
  • Analyse the possibilities
  • Is there a problem? Can we do better?
  • What are the options? Can we improve them?
  • Which is best?
  • Decide
  • Act
  • Review/monitor/learn


A key word

I especially like the work ‘anticipate’. It’s better than talking about ‘uncertainty’, another word risk practitioners understand (I hope) but executives find difficult.

Isn’t risk management all about anticipating what might happen between where we are and where we want to be?

I welcome your thoughts.

Can we practice risk management in plain English and help leaders make intelligent and informed decisions without even knowing that this is ‘risk management’?


To register for our forthcoming webinar with Norman, 'Risk and controls in real life' please click here.


We would love to hear your thoughts. Please leave a comment.

We can let you know when we have a new blog - subscribe here

* We respect your privacy and personal data. By submitting your details and downloading our document you are accepting Turnkey Consulting's privacy policy which can be found here.


For a 3 minute Introduction to Turnkey Consulting, Download Our 18 Page Flipboard Guide