Risk Management Primer

Introduction

Today risk management is an important part of the day-to-day operations of most organisations. In contrast to the mid-1990s, there are now a multitude of institutes, educational courses and books devoted to the subject. Risk management is not the core subject of this book so we do not need to examine the development of the theory in great detail here. However, in my view an understanding of the fundamental principles of risk management is needed in order to manage fraud threats effectively. So, it is important to understand the basics.

We start with a definition. There are of course many definitions of risk management today. The earliest was set out in the first recognised Risk Management Standard, published in 1995 following its development by a multi-disciplinary task force of Standards Australia/Standards New Zealand.5 The Standard has been revised since, but the power of the original definition remains and it is sufficient for our purposes. It reads as follows:

Risk management is a process to identify, assess, manage and control potential events or situations, to provide reasonable assurance regarding the achievement of the organisation's objectives.

The very important principle that risk management provides organisations with “reasonable assurance” regarding the achievement of objectives, and not with certainty, is set out here. Also, the framework for the management of risk in a business context is established around the achievement of the organisation's ...

Get Managing Fraud Risk: A Practical Guide for Directors and Managers now with the O’Reilly learning platform.