Business management is about making things happen. Risk management is concerned with the things that might go wrong.
The good manager who works towards achieving business objectives also has a clear idea of how to prevent or otherwise react to the risks which threaten these objectives. With foresight, it is possible to deal with any risk.
Everyone who has responsibility for driving any part of the business also has some responsibility to think about and manage risks. To that extent, risk management at local level belongs to everyone.
We use controls to manage the risks and ensure the business is doing what we intended it to do. The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines an internal control as "...a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance".
Internal Audit can help managers to identify risks and establish effective controls. It is usual to document the risks and controls in a risk register. At University level there is formal oversight of top-level risks, and the University offers guidance on risk management.
This article was published on Feb 20, 2015