Risk Management definition

Risk management is a process whereby organisations identify and analyse potential hazards and put in place policies to reduce or mitigate their exposure to these hazards. Prioritising is an important part of risk management as companies will inevitably be unable to tackle all potential risks at the same time.

Assessments of risk are often conducted using a formula which assigns risks a relative value, known as the composite risk index. The composite risk index is made up of the potential impact of the risk multiplied by the probability of the risk happening.

Risk management covers risks in diverse areas including related to legal compliance, natural disasters and weather, sabotage by competitors, market uncertainties and funding problems.

ISO 31000, from the International Organization for Standardization, is a family of standards related to risk management and covers principles and guidelines on implementation of risk management, assessment techniques and standardised vocabulary.

According to the ISO standards, risk management strategies must create value, be continually or periodically reassessed, part of the decision-making process and explicitly address uncertainty and assumptions.