Preface
Risk management is one of those concepts where many business professionals will agree that, “Yes, we need a good risk management program!” but those same professionals often have difficulty, when pressed for a better definition, explaining what they mean by the term risk management. For many business professionals, this lack of a consistent understanding of risk management has been similar, until recently, to the earlier lack of a general understanding of the term internal controls. Going as far back as the 1950s in the United States, internal and external auditors as well as many business professionals talked about the importance of good internal controls, but there was no one widely accepted, consistent definition of what was meant by that expression. It was not until the early 1990s with the release of the COSO internal control framework that we have had a consistent and widely recognized definition of internal controls for all enterprises.
Risk management has had a similar history of inconsistent and not always clearly understood definitions. Insurance enterprises had their own definitions of risk management while others, such as credit management, have had a whole different set of definitions and understandings. Project managers had been frequently asked to rate a proposed new effort as high, medium, or low risk without fully understanding the meaning of such a rating. Over past years and until the very recent present, many enterprises including for-profit entities, ...
