Risk
Risk is the possibility of an event’s occurrence that could have an impact on the achievement of objectives. Thus risk is any event or action that can keep an organization from achieving its objectives.
This is a negative definition of the risk. Risks are events that might cause harm to a business. They are not certain to occur, but if they occur, they will have a negative impact on the business. But generally uncertainty at its broad meaning is not always negative.
Every organization faces risks, that is, unforeseen obstacles to the pursuit of its objectives.
Risks take many forms and can originate from within or from outside the organization.
Organization’s vulnerabilities (risks) should be identified and analyzed prior to Risk assessment (Quantitatively and qualitatively) for the purpose of risk management
Thus the design of controls in order to manage risk should be driven by risk assessments.
Controls should be established and monitored to limit risk of a potential loss of assets or misstatements of material information.
Greater risks warrant more extensive controls.