To understand risk management, one needs to understand the terms; risk and management.
Risk is any event that is uncertain whose occurrence has potential to cause a loss or a gain to the business.
Traditionally we have confused the word risk to mean causing a loss in which case many organizations have failed to plan and prepare how to handle an opportunity which arises when it has not been expected. But because business is more concerned with the threat of failing than the threat of abrupt success, we concern ourselves more with risk management in the context of managing bad events like an earthquake, fire outbreak, storms and any other accident which could occur and cause an organization to spend a lot of money.
Management on the other hand means to plan, control and make decisions. With planning, you articulate events with potential to cause harm and put in place mechanisms to ensure that they don’t occur. To control is to ensure that you are setting up a standard against which actual events will be measured to ensure that any deviation is corrected, controlled or stopped. That way you are sure that things are within what you wanted. To control you need to know how good looks like and what the actual result is. The process of bringing the actual things to be in line with what you have planned and understanding the cause of variance and trying to ensure that it does not keep expanding is control.
Take an example of a student in school whose budget is to spend Ugx 10,000 weekly. But in the process, he ends up spending Ugx 20,000 and is affecting his studies. May be he meets his friends at the canteen or place of eatery instead play grounds and finds himself buying them bites. The question is; how do you avoid spending what you have not planned for?
In this case, the boy chooses to meet friends in the classroom or in places where he is not going to spend instead of meeting friends at the place of eatery and that become a control mechanism.
Decision making means internalizing and looking at what caused the variance and deciding on the next cause of action.
Risk management therefore is understanding events which cause potential harm or opportunities to the business, and ensuring that you articulate them and have clear mechanisms to ensure that these events don’t occur and if they are to occur, they are within control so that the business remains a going concern and successful because the bottom line is to keep the business running.