
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can place upon an organization. Risk management often is used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk an organization does assume does not excessively threaten the organization’s operations or success. 

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three distinct forms: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liabilities.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM in that there are compliance aspects to every part of an organization, and harmonizing those compliance activities creates an enterprise-wide solution that aligns with ERM in both philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009, and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.


The supply chain risks-rewards of 3D printing

Jaclyn Jaeger | March 20, 2018

What was once science fiction is fast becoming practical risk management, especially when it comes to 3D printing. Supply chain leaders should keep pace with technology.


Companies grapple with guns

Joe Mont | March 20, 2018

Gun bans and NRA boycotts may just be the start of new risk management strategies and corporate governance reforms. The true test of corporate mettle will come as the media furor dies down.

Accounting & Auditing Update Blog

PwC internal audit study centers on need for innovation

Tammy Whitehouse | March 12, 2018

Technology and innovation should be a priority for internal auditors, in terms of both the risks it produces and how auditors use it to address risks.

The Man From FCPA Blog

The role of risk management in compliance

Tom Fox | January 8, 2018

As compliance evolves and corporate compliance programs become more sophisticated, compliance is seen not as simply a legal prophylactic, but as a business process, writes The Man From FCPA.

News Article

Choosing an executive education program

Jaclyn Jaeger | December 4, 2017

As compliance officers increasingly turn to executive training to hone skills, learn topics in-depth, and network, what should they be looking for in a program before committing to one?

GRC Announcements Blog

Resolver acquires RiskVision

GRC Announcements | October 20, 2017

Resolver, a risk and incident-management software provider, finalized the acquisition of RiskVision, increasing its position in IT risk and compliance markets. As a result of the acquisition, Resolver will employ a team of over 225 security, risk, and compliance professionals.

GRC Announcements Blog

Fusion Risk Management expands presence in Europe

GRC Announcements | October 20, 2017

Fusion Risk Management, a provider of business continuity risk management software and services, announced the expansion of its European presence to keep pace with rapidly growing market demand and to support engagement among its burgeoning community of enterprise customers in Europe.