Although there is no universally agreed single definition of risk, most definitions have two things in common: uncertainty and its effect on objectives.
Risk has been defined by ISO as the effect of uncertainty on objectives.
Risk is often characterised by reference to possible events and their impacts, or a combination of these. Risk is often expressed in terms of a combination of the impacts of an event and the associated likelihood of occurrence.
Risk management is a combination of actions, processes and tools to manage uncertainties and their effects on organisational objectives.
A risk management framework is a process that provides the foundations and organisational arrangements for developing, implementing and improving risk management throughout the organisation, in order to improve risk management maturity.
A risk management framework aspires to assist organisations to improve their risk management maturity and manage their risks effectively at varying levels and within their specific internal and external contexts. Risk management frameworks should ensure that risk information derived from risk processes is effectively reported and used as a basis for decision-making at all levels within the organisation.
The purpose of risk management is to ensure that risks are successfully identified and treated in a manner that is suitable to:
There must be the right balance of soft (culture, values, people) and hard (systems, processes) aspects of risk management for a risk management framework to be effective. Unless systems and processes are supported by management and staff with the right attitudes, behaviours and appropriate competencies, there is a chance that even highly sophisticated systems and processes will not be effective.
The risk management framework cycle has three main stages.
Risk management is not a stand-alone process. For a risk management process to be effective, it needs to be integrated with other business processes. Risk alignment is necessary with the following other business functions: