Managing risk is a normal and critical function of management and a major component of business success. Risks cannot and should not be eliminated, nor should they be ignored, because the potential rewards of success usually increase as the risk increases. Opportunities and risks must, however, be understood and managed for success. Manage the risks and you position yourself and your organisation for competitive advantage and increased rewards.
Risk Management is the process of identifying, assessing, measuring, accepting and treating risk. Risk Management, Security, Business Continuity Management (BCM), ICT Governance and Corporate Governance are inextricably linked. Each of these pillars of enterprise management requires that the others be in place. Organisations must develop processes to identify and evaluate opportunities and risks, and to treat unacceptable risks. They must also develop contingency plans to manage unplanned events and ensure continuity of critical activities at a level acceptable to key stakeholders, regardless of those events. These processes will support a competitive advantage; without them in place, an organisation may not survive.
Risk Management is implemented through:
- Identification of threats and risks
- Assessment of risk in a business context
- Analysis of the likelihood of threats occurring
- Determination of a course of action (whether to treat or accept the risk)
- Acting and reporting
- Re-evaluation