The risk manager

Risk Management

Over the last months we have on a weekly basis posted comprehensive articles covering tools and models which are useful for any risk manager to know of and be familiar with. In this article we will make a summary of these and dig into exactly what it means to be a risk manager.

Introduction: What is a risk manager?

A risk manager is an individual responsible for managing an organization or project’s risk. The person’s goal is to minimize or remove risks that can result in losses to the organization. This is done by identifying the risks, evaluating them, and deciding on which approach is the safest and most efficient. The risk manager can come in many shapes and forms, since risks are involved in almost any type of work done around the world. This means that whether you are within the construction industry, finances, or consulting, you can most likely benefit from having a risk manager to overview your operations. With there being this many varieties in risk manager approaches, there is equally many models, theories, and tools ready for risk managers to use.

Summary of tools and theories

Below you will find an overview of the articles previously made on the website. This is to help guide you towards what is relevant to you. You can access each article by simply pressing the title of the article.

Black Swan theory: This theory in short explains how to be prepared for what you cannot predict will happen. It is about bolstering your organization so it can get through a crisis of large proportions.

Sendai Framework: This article digs into how the Sendai Framework needs to be taken into account when building new constructions or rebuilding constructions after catastrophes. Furthermore it’s goals are to understand risks and how to efficiently mitigate them.

Fault Tree Analysis (FTA): The FTA is an important model in the risk manager toolshed. This model will help understand where and when disasters happen and how to reduce the likelihood of them.

Risk Management Decision: This article takes a deeper look at how a risk manager can get help in their decision making. It bases the decision making off of three different parameters which a risk manager should take into consideration.

The Perception of Risk: This is a theory made by the American professor Paul Slovic. The theory revolves around how an individual perceives risk and what factors play into it. It is one of the most important theories in regards to understanding your employees/co-workers risk perception.

Risk Management: Safety Risk Management: This article takes a closer look at safety risk management, with the goal being to identify the safety hazards and then mitigating these.

Even more articles and posts can be found in the RICO section on the website. Make sure to carefully study these when engaging in a large project or day-to-day work in an organization!

The Perception of Risk

Risk Management


Paul Slovic is an American professor of psychology at the university of Oregon. Slovic mainly studies human judgement, decision making and risk perception. He has released a large amount of research papers on the before-mentioned subjects and is considered one of the leading theorists within the risk perception field.

One of Paul Slovic’s most famous publications is “The Perception of Risk”. A publication where he researches and discusses how an individual perceives risk, in regards to extreme events and catastrophes.

The theory

What Slovic found out is that the relations between risk and benefit are never the same, but however based on how the individual perceives the risk. This perception is based on the past experiences that the person might have with such events or catastrophes.

Furthermore his research shows that if you ask people to answer what risks they think should be prioritised, the person will rely on subjective preferences to determine which risks they deem large or small. Thus there is a difference in regards to when a risk is perceived as large or small on an subjective level.

In the book “Perception of Risk”, Paul Slovic adresses two different factors which play in to how a person perceives risk; dread risk and unknown risk.

Dread risk revolves around the factors of which the person is aware of and have knowledge about. The variables within this factor includes fear, controllability, the potential of the catastrophe and fatal consequences. Typically the fear within this factor is the lack of control.

Unknown risk is about new risks which the person have little to no knowledge and awareness of. Examples of this is new technology, invisible risks, non-material risks and non-observable risks. These are typically perceived as a bigger threat than the dread risks for the simple reason that people cannot fathom the risk or consequences of it.

Why is this important?

As risk managers it is important to us that we know which tools and theories are relevant to our field of work. The perception of risk is one of the most important publications and theories in regards to understanding the people you work around on a deeper level. Knowledge of this can help predict and control how an individual will react in a potential crisis situation, but it can also help guide you when assigning roles on a complex project.

For example, by having knowledge of the perception of risk you can be more aware that you shouldn’t assign a person an assignment, if that person has had bad experiences with similar assignments perviously. Furthermore you can as a risk manager create more safe and comfortable working environments for the people around you.

Fault Tree Analysis (FTA)

Risk Management


The fault tree analysis, also known as FTA, is a model used to understand how systems or processes fail. Furthermore, it helps with identifying the best way to reduce risk and to determine the probability of an event occurring. The FTA shares many of the same aspects as the BowTie Analysis (BTA). The model was originally made by H.A. Watson working at Bell Laboratories with the goal of evaluating ballistic missiles. Since then, the FTA has spread to a wide range of industries where identifying risks and calculating probability is relevant.

The Model

The model usually consists of 4 elements:

The main event: The event at the top of the model which shows what is being analyzed within the fault tree.

Intermediate events:Events that occur between the basic events and the main event.

Basic events: A failure or error which results in another event happening. These are shown as circles on the bottom of the model

AND/OR gates: These are the link between the events in the fault tree. AND gates are symbolized with a flat bottom and means that all of the underlying basic events have to happen in order to trigger the intermediate event above. OR gates are symbolized with a curved bottom and means that just one of the underlying basic events have to happen to trigger the intermediate event above.

How can we use this in our projects?

A single fault tree is used to analyze and understand a single event, therefore we need to have conducted a risk analysis of the project before an FTA becomes relevant. Once we have the risk analysis we use the FTA’s on each of the hazards we have identified. It basically comes down to the following five steps:

1: Define the undesired event to study

2: Obtain an understanding of the event

3: Construct the fault tree

4: Evaluate the fault tree

5: Control the identified hazards

By following these steps you can reduce the risk within your project and at the same time determine which risks you are already protected towards and which risks you need to put more ressources into.

Have you considered black swans in your planning?

Risk Education

What are black swans? 

Every project will run into problems and unexpected risks. No matter how much you plan, these issues will arrive. They often come in different sizing from minor to devastating. Often the minor problems can be solved by carefully laid out contingency plans and great planning. However greater risks and problems can become of such magnitude that any basic planning won’t be sufficient, and more drastic measures must be taken. These can be categorized as black swans. The term black swan originally came from an ancient saying that black swans didn’t exist, this was then later reinterpreted when the first Europeans encountered it.  

The theory, in regards to disasters and management, was developed by Nassim Nicholas Taleb, a Lebanese American risk analysist and mathematician. The point of the theory was to explain the hard-to-predict and rare events that are beyond what normal history, science and technology can expect. Examples of such are the financial crisis of 2008 and the dotcom bubble of 2001. Some would argue that the COVID-19 pandemic also is a black swan, however Taleb thinks otherwise because according to statistical analysis it was predicted that such a pandemic would happen eventually, therefore it can’t fall under the category of a black swan.  

How knowledge of black swans can help us in our own projects: 

So how can we use knowledge of this and bring it into our own project management? Well, the entire point of black swans is that they are unpredictable, therefore we should not try to predict them. Instead, we build up a resilience within our organization or project. Resilience refers to the ability to regain quickly after something bad has happened. Resilience is built up by investing more money into the risk-safety budget and having more staff ready to help and act when a black swan hits. Often these investments will be hard to fit into the budget and many will deem them unnecessary costs. However, the consequences of these disasters will result in a monetary loss that is far greater than what you would have invested into the risk-safety budget.  

Key takeaways from the post: 

  1. A black swan is an extremely rare event with severe consequences, that cannot be predicted.  
  1. Resilience is the best way to mitigate the consequences of the disaster
  1. Resilience can be build by careful resource management and rehearsing