
Risk Management

What is risk management?

Risk management is the identification, assessment, prioritization and mitigation of the impact that uncertainty can have on an organization. Risk management is often used to help an organization determine its risk appetite—how much risk the organization is willing to assume in order to achieve its stated objectives—as well as to develop the methods for ensuring that the risk an organization does assume does not excessively threaten its operations or success.

Risk management addresses both negative risks (preventing or dealing with adverse outcomes) as well as positive risks (better understanding opportunity costs).

The term “risk management” is often used by different groups of professionals to describe rather different, yet related, functions. Risk management might be best thought of as having three different iterations: operational risk management, financial risk management, and enterprise risk management.

What is operational risk management? 

Operational risk management is the management of the risks that arise from the day-to-day functions of an organization. Many of these risks are legal, physical, and/or insurable in nature. Compliance has a role to play in operational risk management by helping to prevent behaviors that can result in loss, such as worker injury or legal liability.

What is financial risk management? 

Financial risk management focuses on portfolio risk—how the organization’s financial decisions do or do not expose it to larger financial loss. Financial risk management and operational risk management are often considered separate, but related, disciplines. Compliance has a role to play in financial risk management by helping to prevent excessive risk-taking on the part of portfolio managers.

What is enterprise risk management? 

Enterprise risk management (ERM) is the process by which an organization integrates risk management policies and procedures across all aspects of the organization, with one of the aims being to embed a risk management-oriented culture at all levels, from mundane daily operations to strategic board decisions. Compliance has a role to play in ERM because every part of an organization has compliance aspects, and harmonizing those aspects creates an enterprise-wide solution that aligns with ERM in both philosophy and execution.

What is ISO 31000? 

ISO 31000 is one of a number of internationally recognized risk management standards. It was first published by the International Organization for Standardization in 2009, and is actually a family of standards meant to provide a best-practices framework for any operation concerned with risk management.

News Article

3M’s John Ostergren on supply chain, third-party risk management

Joe Mont | August 29, 2017

Smart companies understand which risks to take on in the interest of growth and which ones must be shunned, says John Ostergren, director of environment, health and safety at 3M.

News Article

Building a resilient supply chain

Jaclyn Jaeger | August 1, 2017

Recent reports from CAPS Research and RapidRatings on the overall state of supply chain risk management highlight some best practices of advanced programs.

News Article

Correspondent banking fades; de-risking gets the blame

Joe Mont | July 11, 2017

In an ironic twist, regulation designed to protect the global financial system is forcing whole regions outside the regulated financial system, creating more risk for everyone.

News Article

How do your risk oversight processes stack up?

Jaclyn Jaeger | July 11, 2017

A pair of recently published reports draw a straight line between strong enterprise-wide risk management and strategic execution.
Uncontrolled text messaging exposes your company to massive risk

Mike Pagani | July 5, 2017

Texting isn’t just dangerous while driving; unless you archive your company’s SMS/text message traffic, you face substantial legal, reputational, and regulatory risk.

Grapevine Blog

Bryn Mawr Trust appoints chief risk officer

Scuttlebutt | June 19, 2017

Bryn Mawr Bank Corporation, a financial services company, has appointed Patrick Killeen as chief risk officer and senior vice president of BMT’s risk management division, effective as of June 5.

News Article

Evolving toward a modernized compliance program

Jaclyn Jaeger | June 20, 2017

The key to building a truly forward-facing compliance function is to make it proactive and predictive, visionary, and strategic. And none of that is particularly easy.

News Article

The quest to build business value from risk mitigation

Joe Mont | May 31, 2017

Compliance and risk mitigation, in traditional terms, are situated within the organization to plant a stop sign ahead of bad behavior. Is there a better approach?

GRC Announcements Blog

Edgile introduces technology diagnostics managed service for financial firms

GRC Announcements | May 4, 2017

Edgile, a security and risk consulting firm and provider of industry-specific regulatory content libraries, recently introduced its Technology Diagnostics Managed Service, providing financial services firms with critical insights to more quickly and effectively assess their cyber practices, risks, and compliance readiness.

GRC Announcements Blog

Protiviti Digital helps companies shift to digital business model

GRC Announcements | May 4, 2017

Global consulting firm Protiviti has launched an innovative multi-competency digitalization offering, known as Protiviti Digital.