
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can place upon an organization. Risk management often is used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk an organization does assume does not excessively threaten the organization’s operations or success. 

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three different iterations: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liabilities.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM in that there are compliance aspects to every part of an organization, and harmonizing them creates an enterprise-wide solution that aligns with ERM in both philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009, and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.

GRC Announcements Blog

Argos Risk announces partnership with SAI Global

GRC Announcements | February 21, 2019

Argos Risk, a third-party risk intelligence solutions provider, announced its partnership with SAI Global on an integrated approach to vendor risk management.

GRC Announcements Blog

ACL acquires Rsam

GRC Announcements | February 4, 2019

Software company ACL announced the acquisition of Rsam, a provider of IT, vendor, and security risk management solutions.

The Filing Cabinet Blog

Deloitte: financial institutions reengineer risk management

Joe Mont | January 28, 2019

Financial institutions are beginning new efforts to reengineer their risk management programs and tap into emerging technologies, according to a survey conducted by Deloitte Global.
Q&A: A view of bank risk from the battlefield

Joe Mont | January 24, 2019

Compliance Week talked with Stuart Brock, director of Seal Software, about the risks faced by banks—not the least of which is third-party due diligence.

GRC Announcements Blog

Dun & Bradstreet unveils new TPRM solution

GRC Announcements | January 23, 2019

Commercial data firm Dun & Bradstreet announced the availability of D&B Compass, its new third-party risk management solution.

GRC Announcements Blog

BDO acquires Global Trade Strategies, Lootok

GRC Announcements | January 9, 2019

Accounting and advisory firm BDO USA announced the separate acquisitions of customs and international trade regulation consulting firm Global Trade Strategies and crisis management company Lootok.

News Article

Top 10 risks that will keep executives on their toes in 2019

Jaclyn Jaeger | January 8, 2019

A recent survey conducted by global consulting firm Protiviti and North Carolina State University’s Enterprise Risk Management Initiative reveals the top 10 risks facing boards of directors and executive management teams in 2019.

News Article

Operational resiliency today

Michael Rasmussen | December 13, 2018

This latest installment of the CW/OCEG GRC Illustrated Series provides readers with details on how to implement a strategic approach to operational risk strategy coupled with an integrated information and technology architecture. 

GRC Announcements Blog

Coupa Software acquires Hiperos

GRC Announcements | December 11, 2018

Business spend management platform Coupa Software announced the acquisition of Hiperos, a third-party risk management provider.

News Article

A country-by-country assessment of bribery risk

Jaclyn Jaeger | December 6, 2018

The 2018 TRACE Bribery Risk Matrix has the latest business-related bribery risk figures for countries around the world. Compliance practitioners may want to pay close attention to those countries in which they operate.