Risk Management Categories

Brand Risk Management

What is Brand Risk Management?

The definition of brand risk management is identifying, treating and monitoring any threat to a brand, essentially to lessen the possibility of a brand or product failing in the market. Types of brand risk include reputation, recognition, awareness, position, legacy, loyalty and customer perceptions.

Why is Brand Risk Management Important?

Organizations have to rely on their reputations to attract consumers, investors, and business partners. Reputation and brand are complicated, hard to measure, and always changing. It takes consistent effort to monitor and manage external perceptions of a brand, but the cost is the company itself.

Brand Risk Management Factors

A few factors of successful brand risk management are identifying the risks you face, deciding what your priorities are, considering the cost of action versus inaction, and measuring your impact. Reputation management, very similar to brand risk management, is something else to keep in mind.

Reputation management is defined as monitoring your brand perception and addressing any potential issues. It’s slightly more focused on external perceptions of your company/brand, as opposed to compliance, legal, fiscal, or technical issues your brand might face. It’s important to always both monitor and manage these various risks.

While all monitoring is a type of management, managing issues includes more steps than just brand monitoring.

Once you’ve detected or found potential reputational or larger brand risks, being proactive and trying to diffuse or refute them can be an important step. There’s more to do than just keep close watch to mentions of your company, thought that’s always an important step to take.

Compliance Risk Management

What is Compliance Risk Management?

The definition of compliance risk management is ensuring a company acts in accordance with applicable laws and regulations, as well as industry-wide best practices.

Why is Compliance Risk Management Important?

Companies that fail to adhere to the laws governing them face legal issues and penalties and possible material loss.

Compliance Risk Management Factors

According to Deloitte, some factors of successful compliance risk management are having the right tools and governance, training and communicating best practices to employees, amending policy and procedure, and conducting risk assessments.

Composite Risk Management

What is Composite Risk Management?

The definition of composite risk management is the process of decision-making taken by the Army to identify, reduce, and prevent risk and loss.

Why is Composite Risk Management Important?

Composite risk management is important because it ultimately ensures that the Army has identified and controlled hazards that could threaten resources.

Composite Risk Management Factors

While there are several factors to be considered when evaluating and implementing composite risk management, the official five-step process to manage composite risk is as follows:

  1. Identify hazards
  2. Assess hazards to determine risk
  3. Develop controls and make risk decisions
  4. Implement controls
  5. Supervise and evaluate

Enterprise Risk Management

What is Enterprise Risk Management?

The definition of enterprise risk management is any method or process to manage risk used by organizations.

Why is Enterprise Risk Management Important?

Being proactive about identifying and handling risk creates value for everyone involved in a company, from customers to stakeholders.

Enterprise Risk Management Factors

Some aspects of enterprise risk management are internal control, the Sarbanes-Oxley Act, strategic planning, and proactive monitoring.

Operational Risk Management

What is Operational Risk Management?

Operational risk management is defined as a process including assessment, decision making, and implementation of controls for risk. It includes the risk of loss from “failed internal processes and systems, human factors or external events.”

Why is Operational Risk Management Important?

As with other forms of risk, operational risk puts the reputation, efficiency and output of any company in danger, and the proactive management of risk helps keep companies abreast of potential issues and able to respond to them in an effective and timely way.

Operational Risk Management Factors

Some factors of successful operational risk management are integrating your approach, process mapping, and evaluation.

Qualitative Risk Management

What is Qualitative Risk Management?

The definition of qualitative risk management is similar to that of quantitative risk management, except that qualitative management refers to a way of analyzing risk that involves a descriptive scale to predict risk occurrence while quantitative uses a numerical scale.

Why is Qualitative Risk Management Important?

When prioritizing project risks, it’s important to understand the likelihood of each risk and its impact.

Qualitative Risk Management Factors

Because qualitative risk management mostly refers to a method of risk analysis, factors include identifying, evaluating, documenting, and measuring potential risk occurrences.

Quantitative Risk Management

What is Quantitative Risk Management?

The definition of quantitative risk management is similar to that of qualitative risk management, except that quantitative management refers to a way of analyzing risk that involves a numerical scale to predict risk occurrence while qualitative uses a descriptive scale.

Why is Quantitative Risk Management Important?

When prioritizing project risks, it’s important to understand the likelihood of each risk and its impact.

Quantitative Risk Management Factors

Because qualitative risk management mostly refers to a method of risk analysis, factors include identifying, evaluating, documenting, and measuring potential risk occurrences.

Root Cause Analysis Risk Management

What is Root Cause Analysis Risk Management?

The definition of root cause analysis risk management is analyzing the fundamental cause, basis or essence of potential risks or problems and creating a process to proactively manage them.

Why is Root Cause Analysis Risk Management Important?

Root cause analysis risk management is a long-term, systemic process that involves planning more than impulsive reacting to issues, which helps organizations find more holistic solutions. This approach helps the organization improve and find permanent solutions.

Root Cause Analysis Risk Management Factors

Factors of root cause analysis risk management are barriers, change, asking “why”, understanding underlying issues, and creating a series of processes to solve and avoid them.

Vendor Risk Management

What is Vendor Risk Management?

Vendor risk management’s definition is making sure third-party service providers and suppliers do not negatively impact business performance. This means managing relationships to all vendors and thoroughly examining their practices and reputations.

Why is Vendor Risk Management Important?

Reputation is all about the company you keep, so any affiliation with organizations that use unethical practices can threaten the perception of your business.

Vendor Risk Management Factors

Factors of vendor risk management include planning ahead, explicitly making vendors accountable from the beginning, and attempting to eliminate risk through planning ahead.

Risk Management Industries


What are the major risks in finance?

Banks and other financial institutions face major risks, even beyond the volatility of the stock market. LIke any other organization today, cyber-risk is growing rapidly and fraudsters’ knowledge is growing.

Often times these criminals are targeting money, so FIs are constantly warding off these attacks. There’s also the classic credit risk, liquidity and operational risks, and reputational risk.

What are the major regulations involved in finance risk?

The Dodd-Frank Wall Street Reform Act is synonymous with financial regulation for many, as it gave the Federal Reserve the power to split up large banks and eliminated various loopholes.

The Federal Reserve also put regulations on the industry in 2013, requiring big banks to have more liquid assets. Also, the Sarbanes-Oxley Act requires executives to personally certify corporate accounts.


What are the main areas of risk in insurance?

Risks for the insurance industry are many and varied. They include competition, not having the right technology available, disruptive technology making insurance agencies obsolete, pricing getting out of control, and most of all, cybercrime and lack of cybersecurity.

Many insurance risk issues also plague other industries, especially technology and the growing capabilities of hackers. With the rise of technology comes the rise of risk.

What are the major regulations involved in insurance risk?

For insurance, practices are generally regulated by the state.

Guidelines for these regulations include: “1. Rates must be adequate 2. Rates must not be excessive 3. Rates must not be unfairly discriminatory”


What are the main areas of risk in healthcare?

For the healthcare industry, risks span from cybersecurity and confidentiality, malpractice, telemedicine, staying compliant, fighting disease and infection within facilities, billing, collections and claims issues, to revenue.

What are the major regulations involved in healthcare risk?

Major regulations are especially important for healthcare providers, and there are many agencies set up to monitor and regulate compliance. These include the Centers for Medicare and Medicaid, which oversee regulations related to those programs, and HIPAA, the Health Insurance Portability and Accountability Act.

HIPAA works to reduce costs and protect patients and their information in order to provide them with the best possible care. On top of these organizations and rule sets, the U.S. Department of Health & Human Services has many smaller agencies under it that regulate different sectors of the industry, and the Centers for Disease Control and Prevention also keep an eye on providers to make sure people are as healthy and safe as possible.

With so many governing bodies, it can be difficult to keep up with best practices and regulations.

Major Risk Management Legislation

Dodd-Frank Wall Street Reform Act

What is the Dodd-Frank Act?

The Dodd-Frank Act, short for the Dodd-Frank Wall Street Reform and Consumer Protection Act, has been keeping financial institutions on their toes since July of 2010. After the Great Recession in the 2000s, the main goal was to strictly regulate banks to prevent another recession.

What are the penalties for not complying with Dodd-Frank?

Dodd-Frank made harsher consequences for credit rating agencies who are not compliant. The SEC can punish anyone who has not followed the specific guidelines and take them to court.

General Data Protection Regulation (GDPR)

What is GDPR?

Not just many updated privacy policy emails you’ve been receiving. General Data Protection Regulation (GDPR) is a legal framework that makes rules for how companies get and use personal user information within the European Union.

What are the penalties for not complying with GDPR?

As evidenced by recent 6.7 billion pound lawsuits against Google and Facebook, non-compliance is costly. Besides literal fines, rebels will also suffer from substantial reputational damage, as your brand is less secure.

Sarbanes-Oxley Compliance

What is SOX?

The Sarbanes-Oxley Act, passed in 2002, introduced major changes to how financial practices are regulated. It especially focuses on eliminating corporate fraud by banning company loans to executives, protecting whistleblowers, and strengthening the financial literacy of corporate boards.

What are the penalties for not complying with SOX?

Penalties are harsh; executives who submit inaccurate information or certifications face up to 10 years in prison and a $1 million fine, and corporate officers who purposefully submit wrong certifications face up to 20 years in prison and fines up to $5 million.

FFIEC Compliance

What is the FFIEC?

The Federal Financial Institutions Examination Council, or FFIEC, is an agency that establishes guidelines and practices for financial institutions. Their guidelines are built with expectations for compliance. Thier guidelines cover 11 sections: business continuity planning, development and acquisition, electronic banking, information security, IT audit, IT management, operations, outsourcing technology services, retail payment systems, supervision of technology service providers, and wholesale payment systems.

What are the penalties for not complying with the FFIEC?

Organizations that do not adhere to the guidelines set down by the FFIEC will be slapped with heavy fines and penalties. For example, a first-tier penalty could be issued for a violation, up to $5,000 per day. A third-tier fine, however, could be up to $1,000,000 for any knowing or reckless violation.