Risk management

Risk management is important because risk exists in every area of our lives and something must be done to address risk. Some types of general risks include uncertain financial markets, project failures, legal liabilities, credit risk, accidents, and natural disasters to name a few.

Risk is especially present when new elements are introduced such as a new IT project that will alter how things have been done before. Some risks involved in projects are market, financial, technology, people and process risks. All these changes represent new risks to the organization and must be managed alongside the project implementation. Risk management is the process to recognize the inherent risks and utilize practices that will help mitigate the risks by increasing certainty and minimizing the unknown, managing the change process more effectively, using resources better, and improving the overall management of the project which creates a better working environment.


By effectively managing risk, organizations can avoid potentially costly product failures that may be embarrassing and harmful. The strategies to manage risk mentioned in the text include transferring the risk to another party such as through an insurance policy, avoiding the risk altogether, reducing the negative effect of the risk through outsourcing a riskier element to a third-party specialist, and accepting the consequences of risk. Often not doing anything is a risk that may be too big to take.



The international standard board, ISO, defines risk management in the following way:

Risk management should create value.
Risk management should be an integral part of organizational processes.
Risk management should be part of decision making.
Risk management should explicitly address uncertainty.
Risk management should be systematic and structured.
Risk management should be based on the best available information.
Risk management should be tailored.
Risk management should take into account human factors.
Risk management should be transparent and inclusive.
Risk management should be dynamic, iterative and responsive to change.
Risk management should be capable of continual improvement and enhancement