Risk is inherent in everything we do, whether it is determining future business plans and strategies, running day to day operations, managing a project, purchasing a new system, driving a motor vehicle or managing personal investments. Risk management requires a holistic approach to facilitate effective management of business activities and improve business performance, for both large and small organisations.

Risk management is about identifying potential variations from what we plan or desire and managing these to maximize opportunity, minimize loss and improve decision-making. Managing risk means identifying and taking opportunities to improve performance as well as taking action to avoid or reduce the chances of something going wrong.

The discipline of risk management has vast application across all industries and environments and underpins the management activities of the most successful organisations worldwide. There are many areas of risk management including, but not limited to security risk, credit risk, business risk, project risk, financial risk, trading risk, investment risk, operational risk, market risk, environmental risk and information risk.

We all manage risks constantly, sometimes consciously and quite often sub-consciously. The need to manage risk systematically throughout all areas and at all levels of your business is of fundamental importance. Effective management of risk requires a risk framework which imbeds risk management within business processes and within the minds and activities of all staff, at all levels.

The Australian and New Zealand Risk Management Standard (AS/NZS 4360:2004) defines risk management as 'the processes adopted to identify and take advantage of opportunities for enhancing business and individual outcomes, as well as reducing negative impacts'.

The definition of risk is 'the chance of something happening that will have an impact on objectives' (AS/NZS4360). The word 'risk' is usually associated with a negative event or issue and risks are generally regarded as something that should be avoided or minimised. However, activities involving risk are considered to have the potential for both positive and negative outcomes.

Sound risk management not only contributes to good governance, it provides protection for management, directors and office holders in the event of adverse outcomes. Provided an appropriate risk framework is established and industry standards adhered to, protection occurs on two levels.

Firstly, adverse outcomes of risk events may not be as frequent and or severe as they might otherwise have been. Secondly, those who are accountable for managing risk are able to demonstrate they have exercised an appropriate level of due diligence in managing risk. The later being most useful at a judicial inquiry or court case, whereby organisations and individuals are held to account after a serious loss event, such as one involving the loss of life or financial loss through theft or fraud.

Management of risk is an integral part of good management. It is an iterative process of continuous improvement that is best embedded into existing practices and business processes.