New to RM >

 What is Risk Management?

There are many definitions of risk management, however the simplest ones are always remembered. This definition from the University of Surrey cannot be bettered:

Risk management is a process which provides assurance that:

• objectives are more likely to be achieved;
• damaging things will not happen or are less likely to happen;
• beneficial things will be or are more likely to be achieved.

It is not a process for avoiding risk. The aim of risk management is not to eliminate risk, rather to manage the risks involved in all activities to maximize opportunities and minimize adverse effects.

More specifically, risk management is a formal (business) process used to identify risks and opportunities across the organization, assess the potential impact of these events and then provide a method for addressing these impacts to either reduce threats to an acceptable level or achieve opportunities.

In its basic form, the risk management process involves:

• The identification of risks and opportunities
• The measurement and assessment of these risks from a current exposure perspective
• The determination of a target (or desired) level of exposure (risk appetite)
• A management plan (involving controls, actions and fall-backs) to get from the current to target state

The risk management discipline has evolved over the years into a concept called enterprise risk management (or ERM). ERM is the framework organizations look to put in place to address all the risk management needs across and up through the organization in a structured, common manner, in order to be able to measure, aggregate and assess the relationship of this information on an enterprise basis.

It is providing the ability to do this that offers business the greatest benefits.