Risk Management


Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

  • Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.
  • And the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the.

Environmental risk management seeks to determine what environmental risks exist and then determine how to manage those risks in a way best suited to protect human health and the environment.

As described in EPA’s Risk Characterization Handbook, risk management is the process which evaluates how to protect public health. Examples of risk management actions include deciding how much of a substance a company may discharge into a river; deciding which substances may be stored at a hazardous waste disposal facility; deciding to what extent a hazardous waste site must be cleaned up; setting permit levels for discharge, storage, or transport; establishing national ambient air quality standards; and determining allowable levels of contamination in drinking water.

Risk assessment provides information on potential health or ecological risks, and risk management is the action taken based on consideration of that and other information, as follows:

  • Scientific factors provide the basis for the risk assessment, including information drawn from toxicology, chemistry, epidemiology, ecology, and statistics - to name a few.
  • Economic factors inform the manager on the cost of risks and the benefits of reducing them, the costs of risk mitigation or remediation options and the distributional effects.
  • Laws and legal decisions are factors that define the basis for the Agency’s risk assessments, management decisions, and, in some instances, the schedule, level or methods for risk reduction.
  • Social factors, such as income level, ethnic background, community values, land use, zoning, availability of health care, lifestyle, and psychological condition of the affected populations, may affect the susceptibility of an individual or a definable group to risks from a particular stressor.
  • Technological factors include the feasibility, impacts, and range of risk management options.
  • Political factors are based on the interactions among branches of the Federal government, with other Federal, state, and local government entities, and even with foreign governments; these may range from practices defined by Agency policy and political administrations through inquiries from members of Congress, special interest groups, or concerned citizens.
  • Public values reflect the broad attitudes of society about environmental risks and risk management.


Below are links to a few risk management tools used by EPA management to inform decision makers:

  • EPA. 2015. How to Better Prepare Your Community for a Chemical Emergency A Guide for State, Tribal and Local Agencies. (EPA-0-F-15-002), Washington, DC.
  • EPA. 2000. Learning to Listen: A Cooperative Approach to Developing Innovative Strategies. (EPA-231-R-00-004), Washington, DC.
  • EPA. 1998. Ecological Research Strategy (EPA-600-R-98-086), Washington, DC.
  • EPA. 1992. Environmental Equity: Reducing Risk for all Communities. (EPA-230-R-92-008), Washington, DC.

Literally speaking, risk management is the process of minimizing or mitigating the risk. It starts with the identification and evaluation of risk followed by optimal use of resources to monitor and minimize the same.

Risk generally results from uncertainty. In organizations this risk can come from uncertainty in the marketplace (demand, supply and the stock market), failure of projects, accidents, natural disasters, etc. There are different tools to deal with these, depending upon the kind of risk.

Ideally in risk management, a risk prioritization process is followed in which those risks that pose the threat of great loss and have great probability of occurrence are dealt with first. Refer to table below:

SIGNIFICANT | Considerable Management Required | Must Manage and Monitor Risks | Extensive Management Essential
MODERATE | Risks are bearable to a certain extent | Management effort worthwhile | Management effort required
MINOR | Accept Risks | Accept but Monitor Risks | Manage and Monitor Risks

The above chart can be used to strategize in various situations. The two factors that govern the action required are the probability of occurrence and the impact of the risk. For example, where the impact is minor and the probability of occurrence is low, it is better to accept the risk without any intervention. Where the likelihood is high and the impact is significant, extensive management is required. This is how priorities can be established in dealing with risk.

Apart from this, most organizations typically follow a risk management cycle.

According to this cycle there are four steps in the process of risk management. The first step is the assessment of risk, followed by evaluation and management of the same. The last step is measuring the impact.

Risk identification can start at the base or the surface level; in the former case the source of problems is identified. We now have two things to deal with: the source and the problem.

Risk Source: The source can be either internal or external to the system. External sources are beyond control whereas internal sources can be controlled to a certain extent. For example, the amount of rainfall, the weather over an airport, etc.

Problem: A problem at the surface level could be the threat of accident and casualty at the plant, a fire incident etc.

When either or both of the above are known beforehand, certain steps can be taken to deal with them.

After the risks have been identified, they must be assessed for their potential criticality. Here we arrive at risk prioritization. In generic terms, risk is equal to ‘likelihood of occurrence × impact’.

This is followed by development of a risk management plan and its implementation. It comprises the effective security controls and control mechanisms for mitigation of risk.

A more challenging risk to organizational effectiveness is the risk that is present but cannot be identified. For example, a perpetual inefficiency in the production process accumulates over a certain period of time and translates into operational risk.


Authorship/Referencing - About the Author(s)


The article is written by “Prachi Juneja” and reviewed by the Management Study Guide Content Team. The MSG Content Team comprises experienced faculty members, professionals and subject matter experts. We are an ISO 2001:2015 Certified Education Provider. The use of this material is free for learning and education purposes. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page URL.
