Internally Generated Risks – hidden, complex, powerful

Internally Generated Risks (IGR) are the risks we create for own organisation or project by how we work and the decisions we make.   For example, whenever we make a key decision without consulting appropriate stakeholders or we use an ineffective internal business process or we hire someone unsuited to their role, we make success less likely.  That is, we create risk.  When this happens, we can’t blame external forces or technology or bad luck.   The risk is internally generated.

IGRs are often sensitive to talk about and to document, may be treated as “management issues” rather than risks and can be complex and subtle to identify and to define.  Consequently, they seldom appear in risk registers and are often poorly managed, if at all.   Recent research shows that only about 25% of such risks are acknowledged and even less are documented and managed.  Yet the evidence is overwhelming.   The root causes of most major disasters are internally generated.

When (or if) your project or organisation experiences an avoidable failure, the root causes will almost certainly NOT be in your risk register!!!    So if your risk management practice and thinking depends on the use of risk registers and apply the traditional risk management process described in ISO31000, you should stop and think.   The sources of risk that will cause your next disaster are almost certainly NOT being managed as risks.

Understanding and managing Internally Generated Risks is just one part of the unique Manex Organisational Risk Leadership approach to maximising success in an uncertain world.

If you want to grab hold of organisational uncertainty and risk and to turn them to your advantage, feel free to contact Dr Richard Barber at