Risk management definition

What is Risk Management?

Risk management is the process of understanding the risks to which an organization is subjected and then finding ways to mitigate or work with them. A key element of risk management is identifying all risks, since those that are completely unexpected (such as a pandemic) are the ones that are most likely to cause devastating damage. Accordingly, a risk manager needs to look outside of the company to identify risks, such as examining incidents that have impacted other companies in the same industry, or problems occurring in other countries.

By engaging in risk management, an organization can lower the probability that it will be subjected to large and unexpected losses.

Related AccountingTools Courses

Disaster Recovery Planning

Enterprise Risk Management

Risk Mitigation Activities

There are multiple ways to deal with risk. For example, you could alter operations so that certain risks are avoided; unusually dangerous production work could be outsourced to a supplier. Or, you might retain risks when doing so makes business sense; management could decide that keeping operations in a country where assets are subject to expropriation is an acceptable risk, because profits are so high. A third option is to transfer risk to a third party; a company could purchase insurance, so that an insurance company takes on certain types of risks.

Problems with Risk Mitigation

There are several problems with risk mitigation to be aware of, which can alter your decisions regarding how many risk management activities you want to engage in. These concerns are as follows:

  • Risk mitigation on picayune issues. Your risk management activities may be focused on areas that do not represent an overly large risk of loss, which is a waste of effort. For example, an oil exploration firm could spend too much time mitigating the risk of employees tripping on a drilling platform, while ignoring the much greater risk of a wellhead blowout that could cause massive environmental damage.

  • Added bureaucracy. An overly active risk manager could bury a company under a massive number of risk mitigation policies and procedures, which interfere with its ability to conduct business on a daily basis. If this bureaucracy slows down basic processes, the organization might become less competitive, and eventually lose money.

Given these issues, risk management needs to be precisely targeted at specific high-loss targets, while paying less attention to lower-risk, low-loss issues.