"Not everything that counts can be counted
and not everything that can be counted counts."
—Albert Einstein

The Risk Management Puzzle

Risk management processes can vary from industry to industry and also from sector to sector. The level of risk that is assumed by any enterprise is a function of its understanding of risk by its key stakeholders: shareholders, clients, suppliers, strategic partners, regulatory bodies, rating agencies, governors, and the enterprise's officers and employees. In all organizations, there should be a process to identify, quantify, and manage risk which can easily be communicated to and understood by all stakeholders.

Once risks are understood by all stakeholders and the outcome of the risk management review is consistent with their appetite for risk, strategy development is a necessary by-product of the risk management evaluation process. Although often considered mutually exclusive, strategy development and its on-going assessment are simplified once the organization's tolerance for risk is known as well as its ability to manage that risk.

Once these two criteria have been established, senior management is in a position to communicate with all stakeholders to ensure a clear understanding of the organization's goals and its capability to manage the identified risks.