Risk management is the process of helping an organization to identify risk, assess risk and then address risk. There is more than one way to accomplish this task and reduce risk. In picking one for your organization, it is important to consider the context in which you're doing risk management, as well as the risk management philosophy and risk tolerance of your organization.
Some of the best known risk management methodology programs come from such organizations as the International Organization for Standardization (ISO), the Project Management Institute, various insurance and actuary groups and the National Institute of Science and Technology among others. Each risk management methodology provides a different definition of risk management. They also stress different strategies for how to address and reduce risk. These techniques include trying to avoid the risk altogether, gauging the probability of a given risk, transferring the risk through insurance or other financial mechanisms and financing the costs of the risk within your organization.
It is important to choose your risk management methodology based on your given situation. A different risk management methodology could be needed if your concern is security than if you are involved in heavy industry. You might need a different risk management methodology for financial risk management than for evaluating risk on a project-by-project basis. That's because you will face different kinds of risks in each situation, such as credit risk and financial market risk in a financial situation or contractual risk in project management.
No matter what risk management methodology you follow, there are certain common risk management principles. One of the first is the notion of risk prioritization. This means that you deal first with risks that are considered to be the greatest threats, either because they would have the biggest impact or because they occur most often. It can be difficult to determine whether high frequency risks are more critical than high impact, or severity, risks. Another common risk management principle is that risk management should always be a key part of decision making and company processes.
A risk management methodology should also focus on how to allocate organizational resources to handle the risks identified. In some cases, risk management can be seen as a way to take advantage of uncertainty. On the other hand, in some organizations, risk management could be considered a cost center and something that interferes with the organization's normal activities. Getting resources for risk management in the former situation could be challenging.
