What is Risk Management

What is Risk Management?

Risk management refers to a combination of procedures and processes for identifying, quantifying and controlling risks in a specific setting. With business activities in every industry and sector often having uncertain outcomes, risk is universal and affects every organisation. Specific risks vary considerably and can be classified under a variety of headings, including:

  • Political Risk
  • Health & Safety Risk
  • Market Risk
  • Legal Risk
  • Operational Risk
  • Financial Risk
  • Technological Risk
  • Environmental Risk

As the future cannot be accurately predicted, it is essential for businesses to safeguard themselves by taking a statistical and highly-strategized approach to risk management.

The Risk Management Process

Effective risk management involves the identification of every potential risk the organisation is exposed to, both internally and externally. Each identified risk must then be measured in terms of its severity and likelihood of occurrence, in order that it may be considered and prioritised accordingly. The possible implications of each risk identified must be evaluated in full, in order to determine its impact in the event of its realisation.

It is fundamentally impossible for any organisation to eliminate all risks comprehensively. Risk management strategies are therefore devised and implemented to minimise both the number and severity of as many identified risks as possible, in accordance with the primary purpose and goals of the business. Senior management takes primary responsibility for risk management, though it generally hires or designates specific risk managers to oversee day-to-day operations.

A Working Example of Risk Management

A busy factory floor where heavy machinery is used by the workforce represents an example of a setting with a variety of health and safety risks. In such instances, efforts to reduce the likelihood of employee accidents/injuries represent elements of an overall risk management strategy. Regular equipment maintenance, adequate training and supervision, the use of personal protective equipment and strategic positioning of machinery are all examples of risk management in practice.

Risk management in a health and safety capacity also safeguards the company from financial, legal and other risks that may arise in the event of an accident or injury.

Risk Management Strategies

Though every risk management strategy will differ in accordance with the organisation in question, there are certain traits and standards that are universal. An effective risk management strategy involves finding viable ways to avoid the threat entirely, reduce the probability of its occurrence, reduce the consequences of its occurrence, transfer the threat in full or in part to another party, or work with the consequences of a given threat so that they breed positive outcomes.

The effectiveness of risk management is difficult to measure, which is why all risk reduction efforts devised and implemented must be both recorded and retained long-term.

Risk Management Standards

Over the years, a number of global standards have been drawn up and introduced in order to help those involved in risk management work to an agreed level of effectiveness. Each standard has its own specific take on frameworks, processes and practices, all of which are updated and amended on a regular basis.

The two most commonly used standards are ISO 31000:2009 – Risk Management – Principles and Guidelines, and COSO 2004 – Enterprise Risk Management – Integrated Framework.

ISO 31000

As the most common family of risk management standards followed worldwide, ISO 31000 is generally considered the ‘gold standard’ by risk managers. Its purpose is to standardise guidelines and requirements in a risk management setting, making risk strategies, processes and their ultimate effects more measurable and quantifiable. ISO 31000 is universally compatible across most industries, sectors and geographical regions.

ISO 31000:2009 outlines a variety of standards on dealing with risk, which include:

  1. Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
  2. Accepting or increasing the risk in order to pursue an opportunity
  3. Removing the risk source
  4. Changing the likelihood
  5. Changing the consequences
  6. Sharing the risk with another party or parties (including contracts and risk financing)
  7. Retaining the risk by informed decision

Businesses that comply with ISO 31000 standards are recognised as proactively managing and controlling risks to the highest possible extent.

© 2016 Organisation of Certified Risk Managers