What is Risk Management?
Risk Management, or Enterprise Risk Management (ERM), is the process of identifying, analyzing and then accepting or mitigating uncertainty that affects an organization’s capital and earnings. These threats, or risks, can include financial uncertainty, legal liabilities, strategic management errors, IT security threats (malware, unwanted access to sensitive data, etc.), accidents and natural disasters. Employees within the Risk Management Group are essentially responsible for evaluating all the risks the company faces, formulating responses and plans of action to mitigate and respond to those risks, and making such plans of action available to all stakeholders, shareholders and potential investors (typically within the company’s annual reports).
A typical risk management organization is composed of several common sub-functions, or teams, that work together. Compliance regulates company activities to ensure that they are in line with all applicable laws, rules and regulations as well as internal codes of conduct, policies and procedures. Corporate Governance develops the system of rules, practices and processes by which a company is directed and controlled. Ethics trains employees on issues such as conflicts of interest and ethical decision-making. Internal Audit examines the efficiency and performance of the company’s risk control functions and other departments to ensure that all aspects of the company’s business are adhering to defined internal and external policies, laws and regulations. Risk Assessment researches and determines current and future risks that may be hazardous to the company’s business operations. Risk Reporting defines the company’s data collection procedures, creates clear and understandable reports and distributes them to company management and government institutions. Browse our Risk Management organization chart page to learn about the roles and responsibilities of each major function. Then, download our org chart template (PDF, Visio) to plan and support risk management operational improvement efforts.
Check out our risk management best practices page to view selected descriptions of work methods that have been proven to produce better results (as compared to other, similar methods). Want more? Download our Risk Management Best Practices Guide, which provides a healthy selection of valuable best practices that can be incorporated to improve risk management operations. There might not be only one "best" way to perform every task. However, there is always a "better" way.