Risk management refers to the co-ordinated activities taken by an enterprise to direct and control activities pertaining to risk.
 Risk management is an active process, not simply a form of
elaborate observation.
o ‘Control’, when used as a verb in the context of risk
management, is often used as a synonym for ‘measure’.
o However, the results of measurement must be used as the
basis for directing actions and activities.
 Comprehensive risk management includes four steps:
1. Identification
2. Assessment
3. Mitigation (response)
4. Ongoing monitoring and reporting