Definition: What is risk management?
Risk management refers to all activities in dealing with a company's risks. In particular, it includes the systematic and continuous identification, assessment, control and monitoring of potential risks. Risk management is a holistic and proactive approach and is the responsibility of the company's management.
What is active risk management?
Every risk has a cause and an effect. Cause-related measures to influence the risk potential (e.g. risk avoidance, risk reduction) are referred to as active risk management and effect-related measures (e.g. insurance, balance sheet provisions) are referred to as passive risk management.
Why is risk management important / Why do companies introduce risk management?
Entrepreneurial activity is always associated with risks. Both companies and legislators have recognized this: On the one hand, since the adoption of the Corporate Sector Supervision and Transparency Act (KonTraG) in 1998, there have been various legal requirements that companies must observe with regard to risk management. These often depend on the industry and legal form. On the other hand, the proactive and holistic approach of risk management serves to identify and manage a company's risk potential, in particular to avoid or overcome future corporate crises. This means that companies introduce risk management on the basis of both legal requirements and business considerations.
Does risk management make any sense at all?
The introduction of risk management makes sense from a business perspective in any case. Thanks to its proactive and holistic approach, systematic and continuous risk management is able to identify and manage a company's risk potential and ultimately protect it from crises.
How does risk management work?
Since the adoption of the Corporate Sector Supervision and Transparency Act (KonTraG) in 1998, risk management has developed into a complex business management tool in which every area of the company must be integrated. Furthermore, a company must provide instruments for identifying, evaluating, controlling and monitoring risk potential, e.g. as an IT solution. Risk management is coordinated and implemented by a department within the company. In organizational terms, this department should be located close to the company management due to its responsibility.
How do I implement risk management in my company?
Both decentralized and centralized elements are required to implement risk management in a company. Risk owner must be appointed in each area of a company. These are persons or functions that are responsible for identifying and assessing the respective risks, for example. Furthermore, a person/department is required to carry out or coordinate risk management. To support this work, it makes sense to implement an IT solution tailored to the company. It is generally accepted that a company's risk management should continue to develop. One speaks, for example, of the development stages of risk management (cf. maturity models)
What is effective risk management?
Effective risk management is characterized by a company-oriented organization, the implementation of a risk manager position and the use of suitable IT solutions. The aim is to identify, assess, control and monitor current and future risk potential so that the existence and success of a company are not jeopardized.
What is the relationship between risk management and project management?
Project management is used to plan and control projects correctly and to achieve the project goals on time, with the appropriate quality and within budget. To this end, it is also necessary to identify, assess, control and monitor the risks associated with the project. This means that project management (like all other areas of a company) is integrated into a company's risk management system. Risk management must take into account the fact that projects often have a different timeline to other areas of the company, in particular the start and end of a project.
