Risk Management is simply defined as the process by which an organization attempts to
predict potential risks that it may face, and then tries to come up with strategies to help
it handle exposure to those risks.
The point of Risk Management is that the organization has to be able to strike a balance
between the cost of handling those risks and the cost of being able to meet its
organizational goals. An organization has to adopt a proactive stance so that the outcome
of its risk management efforts will improve over time.
An organization that has done its job of creating a risk management program and
disseminating information about this program to the members of the organization in a timely
and efficient fashion stands to have an easier time predicting when risks will hit the
system and handling the aftershocks of those risks.
It is important that individual members of the organization be informed thoroughly about
the new risk management practices being adopted, so that they can adapt these policies to
their particular organizational division based on what they know their division needs and
can act upon. These members of the organization must communicate any issues and concerns
(even confusion) that arises when there are discrepancies between the perceived risk
management needs of their organizational division and the potential risk management
requirements of the organization as a whole.
When everyone in the organization is able to adopt and adapt to the total risk management
framework of the entire organization, then the impact of risks in the future will be
significantly mitigated and the organization stands a better chance of surviving. Thus,
communication at all levels in the organization is of paramount importance if risk
management is to be effective.