
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can have on an organization. Risk management is often used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk an organization does assume does not excessively threaten the organization’s operations or success.

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three different iterations: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liability.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM in that there are compliance aspects to every portion of an organization, and harmonizing them creates an enterprise-wide solution that aligns with ERM in both philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009, and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.

Grapevine Blog

Vanguard appoints global chief risk officer

Scuttlebutt | September 13, 2018

Vanguard, an investment management company, has appointed Joseph Brennan to the newly created position of global chief risk officer. He also will serve as a member of Vanguard’s senior leadership team.

GRC Announcements Blog

GAN Integrity releases new Risk Management module

GRC Announcements | August 31, 2018

GAN Integrity, a fully integrated compliance solution provider for global business, announced the launch of its Risk Management module, designed to enable users to make strategic, data-driven decisions based on a holistic and real-time view of all compliance-related activities.

Grapevine Blog

RBS appoints new group chief risk officer

Scuttlebutt | August 9, 2018

The Royal Bank of Scotland has appointed Bruce Fletcher as its new group chief risk officer, subject to final regulatory approval.

News Article

Managing contracts in an evolving regulatory world

Jaclyn Jaeger | July 3, 2018

Knowing how to properly manage risk across the company’s entire contract portfolio is a critical part of maintaining compliance with contractual agreements and ensuring that contracts remain current and in line with regulatory requirements in the United States and abroad.


Doing the right thing can be a costly investment

Joe Mont | June 6, 2018

High-profile corporate woes are a reminder: Act fast when confronted by malfeasance and worry about the cost afterwards.

News Article

For leading compliance programs, it’s all about technology

Jaclyn Jaeger | May 31, 2018

Leading compliance programs more often use technology tools than do their peers, according to the results of PwC’s annual State of Compliance study. These include data analysis tools, dashboards, continuous monitoring, data warehousing, data extraction tools, and a GRC solution.

News Article

Self-disclosure can root out conflicts of interest

Joe Mont | May 30, 2018

The world is a complicated place. Life choices and side hustles are increasingly pushing employees toward potential conflicts of interest. A solid risk management strategy can keep them happy while creating the visibility needed to protect company interests.

News Article

Emerging companies a compliance quandary in global market

Joe Mont | May 29, 2018

How do you build an effective anti-corruption compliance program in emerging markets? Know their culture, customs, and language; then leverage that knowledge to create trust and on-the-ground adherents, advised panelists at the Compliance Week 2018 conference.

Accounting & Auditing Update Blog

New study shows low levels of comprehensive ERM

Tammy Whitehouse | March 27, 2018

Formalized, comprehensive approaches to ERM are not terribly baked into corporate practices, according to a recent study by the accounting profession.