Business Applications

The application of risk management concepts was born thousands of years ago; in Chapter 8, we noted how references to insurance and derivatives could be found in texts that are thousands of years old. However, only since the 1970s has risk management really evolved as a business discipline, thanks to a combination of factors—economic liberalization, the rise of shareholder power, regulatory pressures, and the increase in computational power among them.

There are three major business applications of risk management. The first is loss reduction, the second is uncertainty management, and the third is performance optimization. The combination of all three is enterprise risk management. This order is both the order in which the applications were developed historically, and also the order in which a particular institution will typically develop its risk management capabilities. Let's consider these in turn.


The first stage in risk management, which emerged during the 1970s and 1980s, focuses on protection against downside risks. Risk management practices mainly involved establishing credit controls, investment and liquidity policies, audit procedures, and insurance coverage. The objective of these defensive risk management practices was to minimize losses:

  • Credit risk management was designed to reduce the probability of default and to maximize recovery in the event of default, through credit approval at the front end, ...

Get Enterprise Risk Management: From Incentives to Controls, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.