What is Risk Management

What is risk?

Though there is no universally agreed single definition of risk but most of the definitions have two things in common, uncertainty and its effects on objectives.

Risk has been defined by ISO as:  Effect of uncertainty on objectives,

Risk is often characterised by reference to possible events and their impacts, or a combination of these. Risk is often expressed in terms of a combination of the impacts of an event and the associated likelihood of occurrence.

What is risk management?

Risk management is combination of actions, processes and tools to manage uncertainties and their effects on organisational objectives.

What is risk management framework?

Risk management framework is a process that provides the foundations and organisational arrangements for developing, implementing and improving risk management throughout the organisation to improve risk management maturity.

A risk management framework aspires to assist organisations to improve their risk management maturity and manage their risks effectively at varying levels and within their specific internal and external contexts. Risk management frameworks should ensure that risk information derived from risk processes is effectively reported and used as a basis for decision-making at all levels within the organisation.

Why risk management or enterprise risk management?

The purpose of risk management is to ensure that risks are successfully identified and treated in a manner that is suitable to:

Hard and soft aspects of risk management

There must be a right balance of soft (culture, values, people) and hard (systems, processes) aspects of risk management for a risk management framework to be effective. Unless systems and processes are not supported by management and staff with the right attitudes, behaviours and appropriate competencies, there are chances that highly sophisticated systems and processes may not be effective.

What is risk management framework cycle?

Risk management framework cycle has three main stages

  1. Develop a risk management framework
  2. Implement a risk management framework 
  3. Review and enhance a risk management framework

Linking risk management with other business functions

Risk management is not a stand-alone process. For a risk management process to be effective, it need to be integrated with other business processes.  Risk alignment is necessary with following other business functions:


© 2016 Investors in Risk Management