The entire process of identifying, evaluating, controlling and reviewing risks, to make sure that the organisation is exposed to only those risks that it needs to take to achieve its primary objectives, is known as 'risk management.'
Risk management is a proactive process, not reactive.
Risk cannot be eliminated. However, it can be:
- Transferred to another party, who is willing to take risk, say by buying an insurance policy or entering into a forward contract;
- Reduced, by having good internal controls;
- Avoided, by not entering into risky businesses;
- Retained, to either avoid the cost of trying to reduce risk or in anticipation of higher profits by taking on more risk, and;
- Shared, by following a middle path between retaining and transferring risk.