
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can place upon an organization. Risk management often is used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk an organization does assume does not excessively threaten the organization’s operations or success. 

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three different iterations: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in their nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liabilities.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM in that there are compliance aspects to every portion of an organization, and harmonizing them creates an enterprise-wide solution that easily syncs with ERM in philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009 and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.

GRC Announcements Blog

Workiva, KPMG alliance transforms risk management, regulatory reporting

GRC Announcements | November 5, 2018

Workiva, a data collaboration, reporting and compliance solutions provider, and U.S. audit, tax, and advisory firm KPMG recently announced an alliance to provide a strategic offering designed to help organizations transform and integrate their risk management, regulatory, and financial reporting and compliance processes by using the Workiva Wdesk platform.

News Article

A wake-up call in cyber supply-chain risk

Jaclyn Jaeger | October 23, 2018

Recent reports of a massive cyber-supply chain attack by Chinese spies on several U.S. companies’ servers have companies stressing about their own supply chain vulnerabilities.

News Article

Best practices in third-party risk management

Jaclyn Jaeger | October 17, 2018

NAVEX Global’s fourth annual third-party risk management benchmark report offers risk and compliance officers a glimpse at how their third-party risk management programs stack up against their peers.

GRC Announcements Blog

Lockpath introduces two new editions of the Keylight Platform

GRC Announcements | October 12, 2018

Lockpath, a provider of integrated risk management solutions, announced the availability of two new product offerings to help companies of any size address risk.

Grapevine Blog

Vanguard appoints global chief risk officer

Scuttlebutt | September 13, 2018

Vanguard, an investment management company, has appointed Joseph Brennan to the newly created position of global chief risk officer. He also will serve as a member of Vanguard’s senior leadership team.

GRC Announcements Blog

GAN Integrity releases new Risk Management module

GRC Announcements | August 31, 2018

GAN Integrity, a fully integrated compliance solution provider for global business, announced the launch of its Risk Management module, designed to enable users to make strategic, data-driven decisions based on a holistic and real-time view of all compliance-related activities.

Grapevine Blog

RBS appoints new group chief risk officer

Scuttlebutt | August 9, 2018

The Royal Bank of Scotland has appointed Bruce Fletcher as its new group chief risk officer, subject to final regulatory approval.

News Article

Managing contracts in an evolving regulatory world

Jaclyn Jaeger | July 3, 2018

Knowing how to properly manage risk across the company’s entire contract portfolio is a critical part of maintaining compliance with contractual agreements and ensuring that contracts remain current and in line with regulatory requirements in the United States and abroad.

Doing the right thing can be a costly investment

Joe Mont | June 6, 2018

High-profile corporate woes are a reminder: Act fast when confronted by malfeasance and worry about the cost afterwards.

News Article

For leading compliance programs, it’s all about technology

Jaclyn Jaeger | May 31, 2018

Leading compliance programs more often use technology tools than do their peers, according to the results of PwC’s annual State of Compliance study. These include data analysis tools, dashboards, continuous monitoring, data warehousing, data extraction tools, and a GRC solution.