Risk is a fact of (business) life. Taking and managing risk is part of a firm’s job to create profits and stakeholder value. Many a company* does, however, neither manage risk well nor fully understand the risks it is taking.
The term risk is often confused with “hazard”, which means the potential of causing harm. Risk, however, is the probability that the realization of formulated (business) goals/plans/objectives for the future is uncertain. The resulting exposure (hazard) of net profit or cash flow, etc., can not be avoided, but must be managed so that “down-ward risks” are limited and potential “up-ward risks” monitored and left some room – in order to fully leverage the upside.
Consequently, companies must adopt a business behavior along the lines: know and understand what you face, decide on a strategy, and, quantify/report, monitor and manage the risks and/or goals in general; applying agreed strategies and objectives – as well as policies and procedures/processes as appropriate.
*According to a McKinsey research, covering a 5-year period, “every second company was struck at least once, and some more frequently, by a severe risk event”.