I don’t know my MFL from my RRR or BCP. Can I still manage risk?

RISK MANAGEMENT

Dan Meredith

1/7/2025 | 1 min read

Over the years, risk management, like many specialised fields, has developed its own jargon. While a clear and meaningful vocabulary is of course important, it’s hard to ignore the overcomplication, where a complex term is created when a simpler one would do. The technical language can obscure the true purpose, leading to situations where businesses lose sight of the bigger picture.

For example, protracted discussions about semi-quantitative measures of risk, aimed at determining residual values post-control implementation, can become confusing—if not outright nonsensical. The focus on terminology and methodology risks overshadowing the end goal.

On the surface, risk standards like ISO 31000 are relatively straightforward. However, the inherent complexity of managing risk often leads to an increasingly intricate array of tools, concepts, and technical terms. Acronyms such as MFL (Maximum Foreseeable Loss), RRR (Residual Risk Rating), and BCP (Business Continuity Plan) can make the field appear daunting, especially to those new to the discipline.

One way to counter this complexity is by returning to the fundamentals. Asking simple, direct questions can help refocus discussions and ensure clarity. Questions like:

  • What are the risks we face?

  • What would the impact be if these risks materialised?

  • How likely are they to occur?

  • What steps can we take to reduce or manage them?

Similarly, when deciding how to act on a known risk, it can sometimes be helpful to apply a type of binary logic by asking the simple question: “Are we going to dedicate more (of our limited) resources to managing this risk or not?”

While this approach won’t always apply, it often helps cut through the jargon and address topics like residual risk, materiality, and control criticality in a way that’s accessible to all stakeholders.

Risk management doesn’t have to be unnecessarily complicated. By prioritising clear communication, focusing on practical steps, and demystifying technical language, organisations can develop effective risk management systems without needing to be an expert in every acronym.

Talk with us today to learn about how ⚡Virtus Advisory⚡ can help you get started.