M_o_R ® (Management of Risk) – in 3 minutes


The basics

Management of Risk, M_o_R ® is a structured framework and process for taking informed decisions about the risks that affect an organization, at strategic, program, project or operational level.

Target audience

Business managers, risk management officers, CIO, information security officer, program and project managers


M_o_R® was first published in 2002; its current version is the Third Edition  (2010). The approach was originally designed  for use by the UK Government and is owned by the Cabinet Office. It is now used in the public and private sectors alike.

Management of Risk is of enterprise-wide importance, and can be applied to the three core elements  of a business:

  • Strategic – business direction
  • Change  – turning  strategy  into action, including program,  project and change management
  • Operational – day-to-day  operation and support of the business


In this way, the strategy  for managing  risk should be managed from the top of the organization while being embedded into the normal working routines and activities of the organization.

There are eight principles, which are consistent with corporate governance principles and the international standard  for risk management ISO 31000: 2009. The principles are: Aligns with objectives; Fits the context; Engages stakeholders; Provides clear guidance; Informs decision-making; Facilitates  continual improvement; Creates a supportive culture; Achieves measurable value.

An overall strategic  framework, including a policy document,  is also of key importance. It needs to include the following elements: risk identification; risk evaluation; setting acceptable levels of risk; identifying suitable responses to risks; risk ownership; implementing responses to risks; gaining assurance about the effectiveness  of the responses; embedding,  reporting  and review.

Once a framework is in place, a common approach can be used across the business, bringing together disparate risk disciplines and functions into a consolidated  and consistent  approach.

Scope and constraints

M_o_R is appropriate for any type of organization regardless of its size, complexity, location, or sector.


  • Improved corporate decision making through  the effective communication of risk exposure throughout the organization;
  • An open and supportive approach  to the identification, analysis and communication of risk;
  • Better  awareness in all personnel  of the cost and benefit implications of their actions.


In practice, it is often difficult to ensure that all risk related disciplines and resulting work are captured within a consolidated  view of risk, as there can be a tendency to work in segregated functional areas – especially in larger organizations.

Want to know more?

9789087536565_CoverLRTitle: Risicomanagement op basis van M_o_R® en NEN/ISO 31000 (dutch version)
Authors: Douwe Brolsma & Mark Kouwenhoven
ISBN: 9789087536565
Price: 22,50 euro
Order here your copy or view the sample file on our website

Leave a Reply

Your email address will not be published.