Is Measuring Risk Possible?

I saw a discussion question recently asking how to measure risk?

My first reaction was…do you measure risk?  I say no.

Do you measure security?  Do you measure prevention?   I would say no and no.

Do you measure cake?

Not usually, unless you are paying for cake by the pound, but measuring the cake does not guarantee the cake is any good.

Determining if the cake is any good depends on how the cake looks and how the cake tastes.  To make a good cake, you need to measure each of the ingredients for the cake (internal) and you need to measure the temperature and how long you bake the cake (external).

Risk is similar and organizations must determine if their risk management is good (or not good) based on the results.  Like a good cake, good risk management* depends on the “internal ingredients” and the “external factors”.

Research from hundreds and hundreds of lessons learned clearly reveal that better risk management results are needed and organizations:

  • Need better awareness/management of their internal ingredients
  • Need better awareness/management of external elements that can affect their organization
  • Need better tools for measuring their internal ingredients and external elements


Measuring risk is an interesting topic of discussion, but your organization’s bottom line results and winning the “best cake award” with your employees and clients is far more important.

*In addition to risk management, numerous other management efforts (security, safety, prevention, intervention, reputation, documentation, etc.) depend on measuring internal and external elements.