What is risk management and what are the major steps of risk management?
Risk management specifically focuses on keeping and reducing risk to an acceptable or tolerable level. It is useful to explore possible threats and vulnerabilities to organizational assets. Moreover, it is the intersection of threats and vulnerabilities. In addition, it is the analysis and assessment of likelihood and impact of threats. Risk exists when both threat and vulnerability materialize, unless it will remain as just a threat.
Risk management employs the following major steps:
Risk Identification –> Risk Analysis –> Risk Evaluation –> Risk Mitigation.
During risk identification, all risks are identified and recorded in risk register. In risk analysis, thorough analysis of those identified risks takes place. Risk analysis can be qualitative, quantitative or hybrid. The risk evaluation phase will be where the identified risk will be compared against the organization risk tolerance. Risk mitigation options will mainly depend on the output of risk evaluation. Risk mitigation or risk response will be the final stage of risk assessment or risk management process. In risk mitigation, we employ fundamentally four approaches to the risk. These are Acceptance, Transference, Avoidance, and Mitigation.