Risk management and risk appetite: a necessary balancing act

Published: 6 Jan 2022

New guidance from the UK’s Engineering Council describes the role of professional engineers and technicians, including quality management professionals, in dealing with risk. Here, we speak to Estelle Clark CQP FCQI FRSA about the guidance, including the concept of ‘risk appetite’.

In a world where safety is and should be everyone’s number one priority, what is our appetite for risk?  

This was the fundamental question posed when Estelle Clark chaired a working group responsible for revising the Engineering Council’s Guidance on Risk.  

Clark, who is Governance, Assurance & Improvement Strategist for a consultancy called Strategic Arrow and former Executive Director of Policy for CQI, is keen to ensure that effective risk management does not stifle innovation.  

Risk is an inherent part of all engineering activities, and anybody involved in these has a significant role to play in managing risk appropriately, she points out. Some elements of engineering activity, such as those involving public safety or dangerous hazards, are non-negotiable and there should be no appetite for risk.  

However, in other cases, excessive risk aversion might lead to technological stagnation and deny potential benefits to society. As Clark explains: “It’s really important that engineering professionals – and the quality management professionals who work alongside them – understand the level of risk that is acceptable in pursuit of objectives. This is what we call the ‘risk appetite’.” 

Prepared for failure 

Clark says risk management should not be seen as a negative concept – one that puts a stop to innovation and new product development. 

“There are circumstances where, if you want to try two or three different approaches, you need to be prepared for them to fail. This means that understanding risk appetite in relation to the context of what you’re working on is fundamental.”  

Published in October 2021, this is the first revision of the Engineering Council’s Guidance on Risk for a decade. CQI is a professional affiliate of the Council, which is the regulatory body for the engineering profession in the UK. As well as Clark, the quality management profession was represented by Amanda McKay FCQI CQP, Chair of the CQI’s Board of Trustees. McKay was not a member of the working group, but conducted a review of the draft documentation and gave feedback on its suitability from a quality perspective. 

Clark says: “Apart from me, everyone else on the panel was an engineer. This is an example of the benefits of the broad breadth of knowledge that quality professionals bring to an organisation.”  

Alignment with ISO 31000 

Compared with the previous version, the updated guidance is more closely aligned to the ISO 31000 standard on risk management, which defines risk as “the effect of uncertainty on objectives”. As Clark points out, this definition allows for the “positive consequences of uncertainty, as well as the negative”.  

She stresses the important role that quality professionals can play in the risk appetite debate. “This doesn’t just apply to engineers. Quality professionals need a mindset where they understand risk appetite too. The stewards of any organisation’s quality system are the quality professionals. If they have a mindset that says ‘we must beat the hell out of any risk’ and aim to reduce it to zero – and that is not in line with the organisation’s risk appetite – then they are going to find themselves up against board members who think they are just the ‘business prevention department’.  

“Understanding risk is fundamental to the delivery of strategy. I feel that quite a few quality professionals leave too much space between what they do and their organisation’s overall strategy. If you are auditing systems that don’t align with your board’s success criteria, then you’ve got a problem. Those systems need to be kept up to date and strategically relevant – and the evaluation of risk is a key part of that.”  

Six principles 

The guidance describes the role of professional engineers and technicians, including quality management professionals, in dealing with risk, and their responsibilities to society. It lists six principles to guide and motivate professional engineers and technicians in identifying, assessing, managing and communicating risk. 

These are: 

  1. Apply professional and responsible judgement and take a leadership role. 
  2. Adopt a systematic, broad and holistic approach to risk identification, assessment, management and review. 
  3. Comply with legislation and codes, but be prepared to suggest or promote further improvements. 
  4. Ensure good contextual communication with the others involved. 
  5. Ensure that sustainable systems for oversight and scrutiny are in place. 
  6. Contribute to public awareness of risk. 
