Two terms that demand the most attention in the corporate world are governance and risk management. They take on more importance because of the requirement of compliance with the Sarbanes-Oxley Act. Their importance extends further, to private organizations looking for financing as well as non-profit organizations looking for support.
Governance can be defined as the process by which objectives are set for an organization and the progress towards achieving those objectives is monitored. Risk management is a salient part of governance because some of the objectives may require risk to be taken in order to achieve them. Careful consideration of the pros and cons and taking calculated risks contribute to organizational success in a big way. Risk can be of many kinds, such as:
• Strategic Risk, which involves the probability that the organizational objectives are not met.
• Operational Risk, which deals with inefficiencies that might creep into operations such as supply chain management, staff retention, etc.
• Financial Risk, which is concerned with factors such as price, stock prices, interest, etc.
• Legal and Regulatory Risk, which involves compliance with regulations as well as issues of litigation.
The objectives of risk management should be included in the organizational objectives defined by the process of governance. The major objectives are:
• Identification of key risk areas
• Understanding of the risks involved
• Development of plans to mitigate risks
Risk management must be done at all levels of the organization. Support policies, controls and procedures must be established. There must be a centralized procedure to oversee these operations. At the same time, accountability has to be delegated to every single employee. Once the process is established, there must be a proper channel of communication across all levels in the hierarchy. If a problem has occurred, there must be a proper support system to offer remediation methods. The whole process must be closely monitored and followed up on a regular basis.
Risk management typically involves a team of a Project Manager, Program Manager, Program Director, and Steering Committee along with the individual team members. Some of the risks that are to be handled by the team are:
• Expectation misalignment
• Gaps in technology
• Under-performance of employees
• Improper prioritization of tasks
• Improper management of time
• Lack of management support
After a risk has been identified, it is rated as High, Medium or Low so as to prioritize the urgency of implementing remedial measures. One of the tools that can be used to assess risk is a Risk Assessment Matrix. It has four quadrants, named:
• Show stoppers
• Problems
• Irritants
• Disasters
The most critical form of risk is the show stoppers, because they snowball into disasters very soon. The internal risks deal with operations, strategy, and programme management, while the external risks are concerned with the country in which or with which business is to be done, the market and vendors. Once the risks are identified and assessed, they can be quantified on the basis of the probability of their occurrence. The implementation of the strategy must eliminate the risk. The practice must be shared in the firm so as to insure the other teams against such recurrences. Following best practices helps firms stay away from apparent trouble.