Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.
These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, natural disasters and information technology (IT) security threats. Investor and customer confidence relies heavily on alleviating risk.
In recent years, several industry and government bodies have expanded regulatory compliance rules that scrutinize companies' risk management plans, policies and procedures. In an increasing number of industries, boards of directors are required to review and report on the adequacy of enterprise risk management processes. As a result, risk analysis, internal audits and other means of measuring the effectiveness of risk management processes have become major components of business strategy.
Risk management standards have been developed by several organizations, including the National Institute of Standards and Technology and the ISO. These standards are designed to help organizations identify specific threats, assess unique vulnerabilities to determine their risk, identify ways to reduce these risks and then implement risk reduction efforts according to organizational strategy.