As defined in the International Organization of Standardization (ISO 31000). Risk
Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize monitor and control the probability and/or impact of unfortunate events and to maximize the realization of opportunities. It is through risk management that risks to any specific program are assessed and systematically managed to reduce risk to an acceptable level. Risks can come from uncertainty in the financial market, project failures, legal liabilities. credit risks accidents, natural causes and disasters as well as deliberate attack from adversary, or events of uncertain or unpredictable root-cause.
B. What are the elements of the risk management process?
-The risk management process shall include the following steps:
a) Assessment risks: Identification; Determination of their source. b) Development actions plans: Reduce, avoid, retain, transfer or exploit c) Implementation of action plans d) Monitoring and reporting risk management performance. e) Continuous improvement risk management capabilities.