Risks pervade our life and can have an impact at individual, business and social levels. Science and technology, medicine, transport, economics and environment are examples of fields where various kinds of risks can arise, eventually causing serious damage if not properly controlled and managed.
If we consider economics, we can argue that enterprises need to compete in order to survive, thus incurring several kinds of risks such as legal, operational and financial ones. On the other hand, even public agencies or non-profit organizations take risks, especially concerning the non-compliance of offered services.
Surprisingly enough, many organizations do not devote sufficient resources to risk management; they are reluctant to support risk management programs, probably because of the high cost of specialists. Furthermore, the discipline of risk management is still young and there are some factors that might discourage the introduction of risk management systems: the strong dependence on the application domain, the lack of a common language among different risk management models, and the need to review models, methodologies and tools while the context changes.
However, as the awareness about risk increases, more and more organizations consider risk management as an essential support tool for decision-making processes leading to effective governance.
Luckily, standards help to orient people working on risk management programs. ISO 31000:2009 is a family of standards that includes principles and guidelines on implementation, risk management risk assessment techniques and risk management vocabulary, providing generic guidelines for the design, implementation and maintenance of risk management processes. ISO 31000:2009 aims at the harmonization of risk management processes in existing and future standards. Although generic standards provide value in terms of shared vision and wide applicability, ad hoc standards are always necessary, e.g. PCI or PCI DSS in the field of payment card industry data security, and have to be considered useful complements to generic standards. In the field of risk management there are many challenges to cope with, in particular when we study complexity and change. Things change all the time and risk management requires new concepts and ideas in the scenario of complex systems.
Advances in Risk Management is written for everyone concerned with the study of risk models and the implementation of complex risk management systems. In this book you will find the results of researchers and practitioners organized into 3 different application domains of risk management: enterprise risk management, healthcare organizations and natural resources. After a preliminary chapter that reviews the current trends in risk management standardization, chapters 2 to 6 discuss several studies, both quantitative and qualitative, on enterprise risk management, with particular emphasis on business processes and operational risks.