Risk Management for directors: A Guide
What is risk and risk management?

Risk-taking is what organisations do — it is part of every decision an organisation takes. Risk management standard ISO 31000:2018 defines risk as ‘the effect of uncertainty on objectives’ and risk management as ‘coordinated activities to direct and control an organisation with regard to risk’.3 Risk encompasses both the opportunities to create value for the organisation (upside or opportunity risk) and the threats or hazards that must be considered to ensure value is not compromised (downside risk), with recognition of the uncertainties attached to opportunities and hazards alike. Organisations that manage risk well can limit the impact of threats and take advantage of opportunities.
Risk management is critical as it assists organisations in setting strategy, achieving objectives, making informed decisions and potentially avoiding loss events. It also protects customers and vulnerable stakeholders from harmful impacts, such as those investigated by the royal commissions into the financial services and aged care sectors.
The original edition of the guide was published as Risk Management: A handbook for directors in 2016. This revised edition is published in 2022.