What is Risk Management?
Risk management is simply a formal process for managing uncertainty, and every organization already does this to some degree because all human endeavors involve uncertainty. Doing this effectively means making decisions in full consideration of the uncertainties involved.
Risk management is simply effective decision-making in the face of uncertainty.
Why Do I Need Risk Management?
Decisions aren't all entirely rational. Our emotions color our perspective, resulting in less-than-perfect decisions. We also tend to feel the pain of a loss twice as strongly as the pleasure of a gain (Kahneman, Prospect Theory, 1992). A formal, repeatable process can help overcome this and other human biases.
Interestingly, the very processes that help prevent loss can also be used to prevent missed opportunities, a costly form of risk that many overlook. For example, the simple decision that caused the greatest missed opportunity of the 20th century was made by the twelve publishers who turned down the Harry Potter classic, the total value of which exceeds 24 billion dollars! They all rejected it for the same reason: too long for a children's book! It is fair to say that the decision would have been decidedly different had they employed formal risk management practices.
Why Employ This Standard?
Myriad uncertainties stand between you and your objectives. Every organization's management and its individual decision-makers are subject to the dangers of emotional rather than rational thinking, group-think and shoot-from-the-hip decisions. ISO 31000 establishes the principles you require, along with a framework and tailored processes that allow you to integrate informed, organized and structured decision-making into your organization’s existing governance, processes and culture.