Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters. IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes a company's processes for identifying and controlling threats to its digital assets, including proprietary corporate data, customers' personally identifiable information and intellectual property.
The ISO recommended that the following target areas, or principles, be part of the overall risk management process:
· The process should create value for the organization.
· It should be an integral part of the overall organizational process.
· It should factor into the company's overall decision-making process.
· It must explicitly address any uncertainty.
· It should be systematic and structured.
· It should be based on the best available information.
· It should be tailored to the project.
· It must take into account human factors, including potential errors.
· It should be transparent and all-inclusive.
· It should be adaptable to change.
· It should be continuously monitored and improved upon.
The ISO standards and others like them have been developed worldwide to help organizations systematically implement risk management best practices. The ultimate goal of these standards is to establish common frameworks and processes to effectively implement risk management strategies.
These standards are often recognized by international regulatory bodies, or by target industry groups. They are also regularly supplemented and updated to reflect rapidly changing sources of business risk. Although following these standards is usually voluntary, adherence may be required by industry regulators or through business contracts.