Risk management
Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Definition[edit | edit source]
A widely used vocabulary for risk management is defined by ISO Guide 73:2009, "Risk management. Vocabulary." In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process of assessing overall risk can be difficult, and balancing resources used to mitigate between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.
Method[edit | edit source]
For the most part, these methods consist of the following elements, performed, more or less, in the following order.
- Identify, characterize threats
- Assess the vulnerability of critical assets to specific threats
- Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
- Identify ways to reduce those risks
- Prioritize risk reduction measures based on a strategy
Principles of risk management[edit | edit source]
The International Organization for Standardization (ISO) identifies the following principles of risk management:
- Risk management should create value.
- Risk management should be an integral part of organizational processes.
- Risk management should be part of decision making.
- Risk management should explicitly address uncertainty.
- Risk management should be systematic and structured.
- Risk management should be based on the best available information.
- Risk management should be tailored.
- Risk management should take into account human factors.
- Risk management should be transparent and inclusive.
- Risk management should be dynamic, iterative and responsive to change.
- Risk management should be capable of continual improvement and enhancement.
See also[edit | edit source]
- Enterprise risk management
- Financial risk management
- ISO 31000
- Risk assessment
- Risk Management Plan
- Risk management tools
| Risk management Resources | ||
|---|---|---|
|
| |
Translate to: East Asian
中文,
日本,
한국어,
South Asian
हिन्दी,
Urdu,
বাংলা,
తెలుగు,
தமிழ்,
ಕನ್ನಡ,
Southeast Asian
Indonesian,
Vietnamese,
Thai,
မြန်မာဘာသာ,
European
español,
Deutsch,
français,
русский,
português do Brasil,
Italian,
polski
Navigation: Wellness - Encyclopedia - Health topics - Disease Index - Drugs - World Directory - Gray's Anatomy - Keto diet - Recipes
Search WikiMD
Ad.Tired of being Overweight? Try W8MD's physician weight loss program.
Semaglutide (Ozempic / Wegovy and Tirzepatide (Mounjaro) available.
Advertise on WikiMD
WikiMD is not a substitute for professional medical advice. See full disclaimer.
Credits:Most images are courtesy of Wikimedia commons, and templates Wikipedia, licensed under CC BY SA or similar.
Contributors: Admin, Prab R. Tumpati, MD
