Is risk management a profession


A risk practitioner vastly senior to me posited the question on LinkedIn whether risk management is even a profession.

I thought I'd record my thoughts on that subject.

I think that it follows that risk management isn't there yet as a profession. There are "risk managers" that deal almost exclusively in buying property insurance and adjusting claims, and others who deal only in "cyber". Among the latter I've found little comprehension of how insurance works, and doubt the former consider the latter their field at all. I know "quants" who flatly disregard anything but their camp's methods, and have a book on decision making that questions whether Bayes etc. can even be considered risk management or applied to any future state. I also know risk practitioners with decades of experience who are dismissive of ISO 31000, while others reject COSO ERM. I attended a 2014 panel of published risk leaders who were unanimous on rejecting today's supposed bedrock common practices: risk registers and heat maps and rating likelihood * impact.

All the while we have glaring failures of risk management of many types in every field. All three of those panelists discovered on stage that they'd all given up even reading the common risk literature.

I think what we're in right now is a prelude to a profession, the state that causes the profession to become required. But I don't think we're alone. The entire IT field seems to be in the same state.

