People manage risk without thinking about it. In everyday situations, we make decisions which include assessment of risks, for example when we cross a busy road. Every decision changes risk and good managers have always managed risk well. To promote better outcomes, formal risk management processes are applied to decision-making within organisations. There are two sets of standards commonly used to guide this. These standards are ISO 31000:2018 ‘Risk management – Guidelines’ and CSO ‘Enterprise Risk Management – Integrating with Strategy and Performance’.