
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can have on an organization. Risk management is often used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk the organization does assume does not excessively threaten its operations or success.

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three different iterations: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liabilities.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM in that there are compliance aspects to every part of an organization, and harmonizing them creates an enterprise-wide solution that easily syncs with ERM in philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009, and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.

GRC Announcements Blog

Resolver acquires RiskVision

GRC Announcements | October 20, 2017

Resolver, a risk and incident-management software provider, finalized the acquisition of RiskVision, increasing its position in IT risk and compliance markets. As a result of the acquisition, Resolver will employ a team of over 225 security, risk, and compliance professionals.

GRC Announcements Blog

Fusion Risk Management expands presence in Europe

GRC Announcements | October 20, 2017

Fusion Risk Management, a provider of business continuity risk management software and services, announced the expansion of its European presence to keep pace with rapidly growing market demand and to support engagement among its burgeoning community of enterprise customers in Europe.

The Man From FCPA Blog

What is high risk for your brand?

Tom Fox | October 19, 2017

The fraudulent certification scandal that rocked Japanese steel manufacturer Kobe Steel serves as a warning to other companies: Make sure your front-line employees feel like they can speak up in the face of fraudulent behavior.

News Article

3M’s John Ostergren on supply chain, third-party risk management

Joe Mont | August 29, 2017

Smart companies understand which risks to take on in the interest of growth and which ones must be shunned, says John Ostergren, director of environment, health and safety at 3M.

News Article

Building a resilient supply chain

Jaclyn Jaeger | August 1, 2017

Recent reports from CAPS Research and RapidRatings on the overall state of supply chain risk management highlight some best practices of advanced programs.

News Article

Correspondent banking fades; de-risking gets the blame

Joe Mont | July 11, 2017

In an ironic twist, regulation designed to protect the global financial system is forcing whole regions outside the regulated financial system, creating more risk for everyone.

News Article

How do your risk oversight processes stack up?

Jaclyn Jaeger | July 11, 2017

A pair of recently published reports draw a straight line between strong enterprise-wide risk management and strategic execution.


Uncontrolled text messaging exposes your company to massive risk

Mike Pagani | July 5, 2017

Texting isn’t just dangerous while driving; unless you archive your company’s SMS/text message traffic, you face substantial legal, reputational, and regulatory risk.

Grapevine Blog

Bryn Mawr Trust appoints chief risk officer

Scuttlebutt | June 19, 2017

Bryn Mawr Bank Corporation, a financial services company, has appointed Patrick Killeen as chief risk officer and senior vice president of BMT’s risk management division, effective as of June 5.