- risk management
- The assessment, evaluation, and monitoring of *risks in an activity or organization, with the undertaking of necessary corrective actions. Risk management is a comprehensive process that aims to create a disciplined environment for the achievement of an organization’s objectives. The monitoring and corrective actions arising from risk management tend therefore to focus on *procedures and *internal controls that provide reasonable *assurance on the achievement of objectives. Five risk management strategies are *risk acceptance, *risk avoidance, *risk elimination, *risk minimization, and *risk transfer. It is frequently observed that risk management may increase a corporation’s *value by reducing risks and, thereby, reducing *cost of capital. A recent risk management standard defines risk as "the culture, process and structures that are directed towards the effective management of potential opportunities and adverse effects" (AS/NZS 4360, 1999). *Risk assessment is the first stage of a *risk management process, which may or may not involve the measurement of risk by formal quantification. Typically, this depends on the nature of the risks to be addressed, as well as on management objectives. Risk management can be performed at an organization-wide level (when it is often called *Enterprise Risk Management) or at the more discrete level of individual departments, processes, or other operational units. Typical risk management functions in organizations include departments or suppliers providing (i) internal auditing, (ii) external auditing, (iii) insurance, (iv) *quality control, and (v) health and safety monitoring. Further reading: AS/NZS 4360 (1999); Crawford and Stein (2002); Doherty (2000); IIAUK (1998); McNamee and Selim (1998)
Auditor's dictionary. 2014.