A successful risk assessment program must meet legal, contractual, internal, social, and ethical goals, as well as monitor new technology-related regulations. By focusing attention on risk and committing the necessary resources to control and mitigate risk, a business protects itself from uncertainty, reduces costs and increases the likelihood of business continuity and success.

Three important steps of the risk management process are risk identification, risk analysis and assessment, and risk mitigation and monitoring.

Risk can be defined as the ‘effect of uncertainty on objectives. Risk is important as it assists organisations in setting strategy, achieving objectives and making informed decisions. Taking risks is fundamental to organisations making profits and not-for-profits delivering the services to the community.
Recognising and managing risk is a crucial part of the role of the board and management. Oversight of risk management is the responsibility of the board. So, it should regularly review and approve the risk management policies and frameworks. In this way the board decides on the nature and extent of the risks it is prepared to take to meet objectives.