Risk refers to an incident that may have a positive or negative impact on the realization of an objective. A risk may also consist an unused opportunity. Risk management refers to the activities carried out by an in order to eliminate risks and the resulting damage. Risk management includes the identification, assessment, and management of risks, as well as reporting on and monitoring identified risks and their management.
Traditional risk thinking has changed, and it is no longer sufficient to monitor individual uncertainty factors. Instead, organization are required to implement risk management in a much more systematic manner. The risk management requirements are based on the requirements of various laws, standards, and partners. To enable effective risk management activities, the culture and risk management competence of the entire organization must be developed and maintained. It is important to be aware of the existing level and operation, even if only for the legal issues regarding liability.