What is Risk Management?
Updated: Dec 4, 2019
The term Risk Management can conjure up many descriptions, but it is probably best defined by ISO 31000 as the “effect of uncertainty on objectives”. That definition focuses on how incomplete knowledge of events or circumstances affects an organization’s decision making.
We of course manage and mitigate many risks in our daily lives, often without a second thought, for example by following the speed limits whilst driving and by insuring our homes against fire and flood. In a corporate environment there are risks to the firm from both internal and external events which can have a direct impact on its objectives. This is particularly true when these risks are not managed or correctly forecast, as they may then have a catastrophic impact on business profitability and revenue.
The idea behind Risk Management is, rather than managing risks in an ad hoc or piecemeal way as they occur, to tackle them comprehensively by undertaking a review that considers all risks impacting a business. This review, known as Enterprise Risk Management (ERM), allows the business directors to determine the risks facing the firm, from both an internal and an external point of view, across its whole business. The ERM results can then be used to assess the risk appetite of stakeholders and how much equity/capital shareholders are prepared to allocate against these risks.
Furthermore, ERM helps to identify specific events or conditions related to the business's objectives (risks and opportunities), assess them for probability and magnitude of impact, determine a strategy to mitigate them, and establish monitoring and reporting processes. By addressing these risks and opportunities, businesses can defend and strengthen the firm's value for their stakeholders.
In the next blog we will expand on the stages of identifying, assessing, mitigating and monitoring the firm's risks.
If you would like to learn more about Risk Management please feel free to contact me for a meeting.