Risk management is not an end in and of itself, but rather a part of sound organizational practices that include planning, preparedness, program evaluation, process improvement and budget priority development. The value of risk management approach or strategy to decision makers is not in the promotion of a particular course of action, but rather in the ability to distinguish between various choices within the larger context. Establishing the infrastructure and organizational culture to support the execution of risk management is a critical requirement for achieving the goals.

Risk management is an ongoing process that continues through the life of a project. It includes processes for risk management planning, identification, analysis, monitoring and control. Many of the process are updated throughout the project life cycle as new risks can be identified at any time. It is the objective of risk management to decrease the probability and impact of events adverse to the project.

Definition: Risk is a combination of an abnormal event or failure and the consequences of that event or failure to a system’s operators, users or environment. A risk can range from catastrophic (loss of an entire system, loss of life, or permanent disability) to negligible (no system damage or injury) (Glutch, 1994). An organized process to identify what can go wrong to quantify and assess associated risks and to implement/control the appropriate approach for preventing or handling each risk is identified (Hall, 2002).

Computer Sciences Journal, Risk management, Evaluation, Improvement, Priority, Infrastructure, Organizational culture.