Starting with the basics
Just what is risk management?
The term ‘risk management’ can mean many different things to differ-
ent people. To some the phrase is exciting it’s all about taking and
managing risks. To others the phrase is a big turn-off it reeks of con-
trol and bureaucracy. However you look at it, in a world of uncertainty,
risk is inevitable and actually desirable. If we had no uncertainty and
therefore no risk, then life, including business life, would be predictable,
unrewarding and boring.
So maybe the term risk management needs to be dissected. Risk
is ‘exciting’ but management is boring’? But risk taking without man-
agement is reckless and we all know many (recent) examples of that.
In everyday life as in business specifically, all risk takers are good risk
managers or they end up dead – metaphorically or literally.
Risk management is also a term that means different things to dif-
ferent businesses. In banking and insurance, risk management tends
to be a purely financial process for measuring (and hopefully manag-
ing) financial exposure. To the manager of a nuclear power plant, risk
management is all about avoiding physical disaster. To the manager of
a large change project, it’s making sure that delivery is on time, within
budget and the project meets its objectives.
Trying to be a little more structured about this, without trying to be
exhaustive, the main areas of risk management are:
Financial risk management
the process of evaluating and
managing current and possible financial risk in a business in
order to decrease the business’s exposure to the risk. Financial
risk managers must identify the risk, evaluate all possible rem-
edies and then implement steps necessary to alleviate the risk.
These risks are typically analysed by using financial instruments
such as indicators, losses, scenario analysis, stress testing and
mathematical modelling as a method of counteracting possible
ramifications. Financial risk management tends to concen-
trate on credit risk and market risk. Financial risk management
cannot protect a firm from all possible risks because some are
unexpected and cannot be addressed quickly enough. All finan-
cial intuitions have significant risk management functions and
large corporations have scaled-down risk management depart-
ments normally as part of their audit or treasury functions.
Insurance: the promise of covering the risk of potential
future losses in exchange for a periodic payment. Insurance
is designed to protect the financial well-being of an individ-
ual, company or other entity in the case of unexpected loss.
Agreeing to the terms of an insurance policy creates a contract
between the insured and the insurer. In exchange for pay-
ments from the insured (i.e. the premiums), the insurer agrees
to pay the policyholder a sum of money upon the occurrence
of a specific event. The classic example of insurance is in the
shipping industry where ships and their cargoes are covered
by policies which pay out if the worst risks are realised.
Operational risk management: the management of the non-
(purely) financial aspects of the business. This focuses on the
risk to the ongoing business processes and the potential for
them to break down. For example, the risk of fraud in a bank’s
payment system could lead to major unchecked losses, or the
fire in a data centre could lead to serious breakdown of busi-
ness continuity. This would also cover the reputational risk to
the organisation if a process or product fails.

Get Fast Track to Success: Risk Management now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.