Democratic Risk Management


Risk Doctor Briefing

Rasoul Abdolmohammadi, PMP, PMI-RMP

The Risk Doctor Partnership


Former British Prime Minister Winston Churchill seemed to have a problem with democracy! He famously said “Democracy is the worst form of government, except for all those other forms that have been tried.” Greek philosopher Plato agreed, putting democracy near the bottom of his list of five types of government (Aristocracy, Timocracy, Oligarchy, Democracy, and Tyranny). Most people agree that democracy is a good thing, but does it relate to our professional lives? More specifically, is it possible to develop a democratic approach to Enterprise Risk Management (ERM)?

One key characteristic of democratic systems is decentralisation. This has been evident in government structures and policies since the nineteenth century, and it has also influenced the business world as a strategy for developing organisations and procedures. Is the same true of ERM? Many people view ERM as a centralising function in an organisation, enforcing a single “right way” to do risk management, and collecting and combining risk information to present to senior leaders in support of their overall management of the business. What would “Democratic ERM” look like? We should expect it to be characterised by decentralisation, in the following ways:

  • Organisation. ERM usually involves a central risk department with responsibility for overseeing risk management across the organisation, perhaps with a Chief Risk Officer in command. But this centralised approach can lead to unrealistic outputs if the ERM function becomes detached from the rest of the organisation. Instead, everyone across the whole organisation should have responsibility for managing risk in their areas of responsibility. Risk practitioners should also be in place throughout the organisation to provide support and guidance to project, operational and functional teams. This more decentralised approach to managing risk is a feature of “Democratic ERM”, and will ensure that risk is managed at the right level, closest to where it affects the organisation.
  • Objectives. Risk is defined in relation to objectives. Decentralisation leads to the top-down development of a coherent hierarchy of objectives at multiple levels throughout the business, with lower-level objectives aligned to the strategic objectives of the overall organisation. It is then possible to manage risk at each level, linking risks to the objectives at that level. “Democratic ERM” coordinates the various levels of risk management, ensuring that common standards are applied, escalating risks as required. An ERM approach that only considers strategic objectives is more like dictatorship than democracy.





About the Author

Rasoul Abdolmohammadi




Rasoul Abdolmohammadi is an industrial engineer with more than 15 years of project management experience, including risk, time and cost management. He currently works as a planning and scheduling specialist at Petronas. His risk experience includes developing, implementing and training project risk processes for a range of mega-projects in the oil & gas and construction industries (for the first time in Iran), including quantitative risk analysis using Primavera Risk Analysis. Rasoul has published his experiences in the book “Practical Project Risk Management Processes”, and he has presented on risk at international conferences.

He can be contacted at [email protected]