Risk is anything that prevents an organization from achieving its business objectives and ultimately affects the performance of an organization and its continued survival. In view of the increasing importance of risk management for business leaders, risk-based thinking has been incorporated into ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 and other international standards.

A Brief Introduction to Risk Management - Strategic, Operational and Project Risks

What is risk? Risk is anything that prevents an organization from achieving its business objectives and ultimately affects the performance of an organization and its continued survival.

To ensure business is managed prudently, many business leaders have adopted risk management in various forms and frameworks. Regardless of the nature of each framework, risk management generally entails the identification, analysis, mitigation, monitoring and control of any risks that threaten the organization.

The rationale for adopting a risk management framework may stem from business and market imperatives such as corporate governance responsibilities, an ever-changing internal and external business environment, and shareholders' increased focus on risk and return, as they no longer tolerate undesirable surprises, coupled with a scarcity of resources that forces allocation to be made based on risk and return.

Risks may be classified into three broad categories: strategic risks, operational risks and project risks. Strategic risks could be defined as uncertainties external to the organization that have a significant impact on business performance, while operational risks refer to the uncertainties inherent in the ongoing operational activities within an organization. Project risks are uncertainties associated with specific, short-term projects and undertakings.