Risk management, as its name suggests, is the process of managing risks: first identifying, assessing and prioritizing them, and then applying coordinated measures and/or resources to eliminate, minimize and monitor the probability and impact of unwanted events or situations.
The risks to be managed can be of any type, for example credit risk, uncertainty in financial markets, project failure at any stage of the project, natural disaster, IT infrastructure failure, bankruptcy of creditors, hacking of servers, or an accident or attack from enemies.
Organizations adopt various approaches to managing risk. Some prefer to transfer the risk to other parties, for example by insuring plants and machinery or even complete projects (although there is still the risk of the insurer's bankruptcy).
Some may decide to avoid it by altering their processes and/or by declining orders from a fragile client. Some organizations also manage creditor risk by increasing their profit margins. Risk sharing is another approach, in which you share the benefit of gain or the burden of loss from a risk and from the measures taken to mitigate it.
Several risk management standards are available globally; they consider varying aspects of risk management depending on the target business area, for example engineering, project management and IT. There are risk management standards by PMI, NIST and ISO.
Risk management methods are adopted mostly in the following sequence:
- Identify, characterize, and assess the potential threats to company assets or operations
- Assess the vulnerability of critical assets and processes to specific threats
- Determine the risk through a risk assessment approach
- Identify practical ways to reduce the risks
- Prioritize risk reduction measures based on a business strategy
For further reading on risk management, I suggest visiting the Wikipedia article on risk management. You can also read more about ISO 31000 on Wikipedia.