Risk Management is a general term that denotes the professional specializations (techniques, practices, behaviors) that aim to identify, measure and mitigate risks to an individual or an organization
A Risk Management Framework is a formal set of rules, policies, prescriptions, tools etc. that indicate how an entity organizes its risk management activities. Implementation of the framework may be a legal requirement (e.g. imposed by regulators) or a best-practise prescription (e.g. developed by a sectoral association of businesses).
In contrast with the formal, documented and organized nature of Risk Frameworks, the concept of Risk Culture captures less tangible but equally relevant aspects of risk management. It denotes the combined set of institutional/corporate Values, norms, attitudes, competencies and behaviour related to risk awareness (perception of risk) and risk taking (active management decisions) that determine a firm’s or organizations commitment to and style of risk management
Issues and Challenges
- While elements of risk management are practised very widely in diverse individual, commercial or public sector settings, it is not a recognized academic discipline, with most of body of risk management knowledge being developed in the context of specific sectoral / professional groups
- Given its less tangible and behavioural character, a problematic risk culture is harder to identify or improve