Risk management definition
What is risk management? Everybody has a slightly different answer to the question, and the definition of risk also depends on who you are talking to.
Fortunately, there is an international standard, ISO 31000 (adopted in Australia and New Zealand as AS/NZS ISO 31000: 2009 Risk management - Principles and guidelines), available from Standards New Zealand.
The standard defines risk as "the effect of uncertainty on objectives".
Some people use terms such as "enterprise risk management", "strategic risk management" or "integrated risk management". We believe plain "risk management" is enough to capture the full meaning of risk management. It is defined in the Standard as "the coordinated activities to direct and control an organisation with regard to risk". This definition is very similar to other management system definitions published by the International Standards Organisation (eg, quality management and environmental management).
AS/NZS ISO 31000 defines the risk management process as "the systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk".
An organisation also needs systems in place that facilitate risk management, including communication and consultation, and monitoring and review. These are described in ISO 31000 and handbooks published by Standards NZ on risk.
Risk management must be part of an open style of corporate governance - it is one of the key links between good governance and other areas of management.
Sometimes, risk management is seen as a subset of other areas of management - we think that all management is (or should be) risk management. AS/NZS ISO 31000 states 11 principles for risk management, including integration into all organisational processes.
Research and experience show the most effective risk management is integrated into organisational processes and practices. Put another way, there is a single management system directed at achieving the objectives of the organisation.
This approach will result in other technical management systems being aligned into a single corporate programme. This often includes occupational health and safety, quality and environmental management.
Corporate Social Responsibility
As a risk management consultancy it is the policy of Risk Management Ltd (RML) to:
- treat all people equally and with respect, regardless of gender, ethnicity, age, ability or other personal characteristics
- promote the health, safety and welfare of company employees both inside and outside work hours
- work to protect and enhance our environment
- act ethically in the interests of clients.