---
id: kb-2026-00472
title: Risk Management
schema_type: TechArticle
category: business
language: en
confidence: medium
last_verified: "2026-05-28"
created_date: "2026-05-22"
generation_method: ai_assisted
ai_models:
  - claude-opus
derived_from_human_seed: true
conflict_of_interest: none_declared
is_live_document: false
data_period: static
atomic_facts:
  - id: fact-business-001
    statement: >-
      ISO describes ISO 31000 as an international standard that provides guidelines for managing
      risk.
    source_title: ISO 31000 Risk Management
    source_url: https://www.iso.org/iso-31000-risk-management.html
    confidence: medium
  - id: fact-business-002
    statement: >-
      COSO describes enterprise risk management as connected to strategy, performance, and
      organization-wide decision-making.
    source_title: COSO Enterprise Risk Management Framework
    source_url: https://www.coso.org/erm-framework
    confidence: medium
  - id: fact-business-003
    statement: >-
      NIST describes its Risk Management Framework as a process that includes Prepare, Categorize,
      Select, Implement, Assess, Authorize, and Monitor steps.
    source_title: NIST Risk Management Framework
    source_url: https://csrc.nist.gov/projects/risk-management/about-rmf
    confidence: medium
completeness: 0.88
known_gaps:
  - >-
    Certain sub-topics are covered at a general level; specialized edge cases and nuanced
    applications may not be fully addressed
disputed_statements: []
primary_sources:
  - id: ps-risk-management-1
    title: ISO 31000 Risk Management
    type: standard
    year: 2018
    institution: International Organization for Standardization
    url: https://www.iso.org/iso-31000-risk-management.html
  - id: ps-risk-management-2
    title: COSO Enterprise Risk Management Framework
    type: framework
    year: 2017
    institution: COSO
    url: https://www.coso.org/erm-framework
  - id: ps-risk-management-3
    title: NIST Risk Management Framework
    type: framework
    year: 2026
    institution: National Institute of Standards and Technology
    url: https://csrc.nist.gov/projects/risk-management/about-rmf
secondary_sources: []
updated: "2026-05-28"
---
## TL;DR
Risk management is the structured practice of identifying, assessing, treating, and monitoring uncertainty that can affect objectives. Public claims should cite recognized standards and frameworks rather than generic business advice.

## Core Explanation
Organizations use risk frameworks to connect governance, strategy, controls, and monitoring. ISO 31000 gives general guidelines for managing risk, COSO frames enterprise risk management around strategy, performance, and organization-wide decision-making, and NIST's Risk Management Framework provides a security and privacy risk-management process for information systems, structured as Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor steps.

## Related Articles

- [Strategic Management Theory](../strategic-management-theory.md)
- [Amazon Web Services (AWS)](../../computer-science/amazon-web-services-aws.md)
- [AI Governance and Policy](../../ai/ai-governance-and-policy.md)
