Risk Management has conventionally been considered as a means of balance between risks and rewards. Risk represents uncertain outcomes. Risk is therefore, the possibility of loss, damage, or any undesirable event. In today’s world, businesses face increasingly complex risks and work place challenges. Different businesses face different types of risk, which can be broadly classified as:

		Strategic / Commercial Risks
		Economic / Financial / Market Risks
		Legal & Regulatory Risks
		Organizational Management / People Issues
		Political / Societal Factors
		Environmental Factors / Acts of God (force majeure)
		Technical / Operational / Infrastructure Risks

The concept of Risk Management can be well understood as an uncertain outcome. It is the possibility of loss, damage, or any undesirable event and Risk Management in a business context, is about reducing the cost of managing risk.

Risk Management is a continuous process that is accomplished throughout the life cycle of a system. It is an organized methodology for continuously identifying and measuring the unknowns; developing mitigation options including risk transfer through Insurance; selecting, planning, implementing appropriate risk mitigation and tracking, to ensure successful risk reduction.

Risk Management is a logical, consistent and disciplined approach to prudently manage future uncertainties, in the process, productively avoiding unnecessary waste of resources. Risk Management is thus fast gaining momentum as one of the most crucial realms of the corporate world.

Risk planning, early identification and analysis of risks, immediate implementation of corrective actions, continuous monitoring along with constant reassessment followed by communication, documentation and coordination are the foundation stones of effective risk management.

Ideally, the focus of good risk management should be the identification and treatment of risks. Thus, the ultimate objective of Risk Management is to add maximum sustainable value to all the activities of the organization. While we say that Risk Management marshals the understanding of the potential upside and downside of all those factors, which can affect the organization, it also increases the probability of success, while reducing both, the probability of failure and uncertainty of achieving the organization’s overall objectives.

Risk Management protects and adds values to the organization and its stakeholders through supporting the organization’s objectives by:

		Providing a framework for an organization that enables future activity to take place in a consistent and controlled manner
		Improving decision-making, planning and prioritization by comprehensive and structured understanding of business activity, volatility and project opportunity
		Contributing to more efficient use / allocation of capital and resources within the organization
		Reducing volatility in the non-essential areas of the business
		Developing and supporting people and the organization’s knowledge base
		Protecting and enhancing assets and company image
		Optimizing operational efficiency

Globalization, consolidation and shifting regulations are posing innumerable and hitherto unprecedented challenges for the Indian corporates today. The ability to manage risk across geographies, products, customer segments, asset classes and functional departments is of paramount importance.

Today, Risk Management focuses on understanding the impact of mergers, acquisitions, restructuring and competition on organizations. Further, Operational Risk Management, an emerging discipline attempts to identify risks not only in products but also in processes, technologies, organizations and strategic opportunities. Thus, Risk Management offers to safeguard assets and maintain the continuity of the operating activities of an enterprise. It also works at the humanitarian goal of protecting employees from accidents that might result in death or serious injury. Apart from these, the other objectives of Risk Management are to focus on cost, efficient use of resources, social responsibility, etc….

It is pertinent that organizations consider risk management initiatives strongly. Some pointers for such initiatives are to ask

• Do we understand our risks?
  
• Can we take steps to reduce our risks?
  
• Can we self-insure some or all of our risks?
  
• Do we wish to transfer the residual risks to an insurance company?
  
• At what level can we afford to buy insurance whilst achieving our financial goals / requirements?

Answering all these questions in a structured manner would lead to the development of a comprehensive risk management process or program for every organization.

It should be remembered that risks keep on changing. Moreover, this change might result in exposure to new risks, which can sometimes make the old ones disappear. Thus, the process of Risk Management should be constantly reviewed to address contemporary risks.

Risk Management must be integrated into the culture of the organization with an effective policy and a program led by the most senior management. It must translate strategy into tactical and operational objectives, assigning responsibilities throughout the organization, with each manager and employee responsible for the management of risk as a part of their job description. It must support accountability, performance measurement and reward, thus promoting operational efficiency at all levels.

Enterprise Risk Management (ERM): ERM is a “paradigm shift” in Risk Management practices. The present corporate scenario is casting a duty on the organizations to build capacity to address risk explicitly and to increase organization and stakeholder confidence. Organizations have to develop a mechanism to facilitate better use of time and resources, improved teamwork and strengthened trust by sharing analysis and actions with partners.

Coupled with this, the simultaneous growth of compliance and regulatory requirements is also a key influential factor in the evolution of ERM. The ERM concept empowers an organization to balance risks with rewards, as well as people with processes. But to master the numerous aspects of enterprise risk management, we must first realize that this approach is not only driven by sound theory but also by sound practice.

ERM can be well defined as – “An integrated approach of identifying, quantifying and prioritizing material risk across the organization. ERM is based on a 360° approach that broadens the typical risk management focus to include less tangible assets, discrete exposures and links among them.

There are several reasons why ERM today features as high priority on the corporate agenda. These include:

		The need to be able to respond quickly and effectively to changes and risks in the business environment.
		Rising stakeholder expectation and low tolerance for surprise.
		The need to empower employees to take initiative in day-to-day activities.
		The need to plan effectively to help ensure the delivery of a sustainable, profitable business.
		A need for increased risk transparency for better access to funds.
		The need to help ensure that social and ethical responsibilities are met.

In a typical traditional risk management approach, the treasury department is responsible for financial risk; the HR department is responsible for worker’s compensation, health risk etc. and the Information Technology department is responsible for operational risks and security risks.

A successful ERM approach is a panacea that co-ordinates between all these different departments, recognizes the need for education, and yet allows for individual department initiative, flexibility and autonomy.