Business management is about making things happen. Risk management is concerned with the things that might go wrong.
The good manager who works towards achieving business objectives also has a clear idea of how to prevent or otherwise react to the risks which threaten these objectives. With foresight, it is possible to deal with any risk.
Everyone who has responsibility for driving any part of the business also has some responsibility to think about and manage risks. To that extent, risk management at local level belongs to everyone.
We use controls to manage the risks and ensure the business is doing what we intended it to do. The Committee of Sponsoring Organisations of the Treadway Commission ( COSO) defines a control as "a process designed ... to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations".
Internal Audit can help managers to identify risks and establish effective controls. It is usual to document the risks and controls in a risk register. At University level there is formal oversight of top level risks, and the University offers guidance on risk management.
This article was published on Aug 27, 2010