TOWARDS SYSTEMATIC CONTRACT RISK MANAGEMENT
To move towards more systematic contract risk management, a framework and vocabulary are necessary. Existing risk management standards are often confusing because risk management and the risk management process have been defined in different ways by different professional bodies and standards organizations. Some companies and industries have also developed their own language. As the following three examples show, the language used for the steps in the risk management process also varies.
The ISO Risk Management Standard (ISO 31000:2009) defines risk management as "coordinated activities to direct and control an organization with regard to risk." The "coordinated activities" are achieved through a process, where the main steps are risk assessment (the overall process of risk identification, risk analysis, and risk evaluation) and risk treatment. At all steps, the process also involves communication and consultation along with monitoring and review.
The IRM/ALARM/AIRMIC Risk Management Standard sees risk management as "the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities." This Standard begins the risk management process with the strategic objectives of the organization and includes in the process the steps of risk assessment (including risk analysis, that is, risk identification, risk description, and risk estimation), risk evaluation, risk reporting (threats and opportunities), risk treatment, residual risk reporting, and monitoring.
The PMI Guide to the Project Management Body of Knowledge, in turn, defines project risk management as a process that includes conducting risk management planning, risk identification, risk analysis, risk response planning, and monitoring and control.
- For a comparison of risk management standards, see Table 2.1 in Pullan, P. and Murray-Webster, R. (2011) A Short Guide to Facilitating Risk Management. Farnham: Gower Publishing, pp. 11-13, with references.
- A Guide to the Project Management Body of Knowledge (PMBOK® Guide) (2008) 4th edn. Newtown Square, PA: Project Management Institute (PMI), p. 273.