is exposure to uncertainty. In investment, risk includes the possibility of losses.
Taking risks is an active choice by institutions and individuals. Risks must be carefully understood, chosen, and well-managed.
is the extent to which an entity's value may be affected through sensitivity to underlying risks.
is a process that defines risk tolerance and measures, monitors, and modifies risks to put them in line with that tolerance.
- It is NOT about minimizing, avoiding or predicting risks.
- It is about understanding, measuring, monitoring, and modifying risks.
A risk management framework is the infrastructure, processes, and analytics needed to support effective risk management. It includes:
- Risk governance is the top-level foundation for risk management. It provides the overall context for an organization's risk management, which includes risk oversight and setting risk tolerance for the organization. It directs risk management activities to align with and support the goals of the overall enterprise.
- Risk identification and measurement is the quantitative and qualitative assessment of all potential sources of risk and risk exposures.
- Risk infrastructure comprises the resources and systems required to track and assess an organization's risk profile.
- Risk policies and processes are management's complement to risk governance at the operating level.
- Risk monitoring, mitigation and management is the active monitoring and adjusting of risk exposures, integrating all the other factors of the risk management framework.
- Communication includes risk reporting and active feedback loops so that the process improves decision making.
- Strategic risk analysis and integration involves using these risk tools to rigorously sort out the factors that are and are not adding value as well as incorporating this analysis into the management decision-making process, with the intent of improving outcomes.