Risk Analysis vs. Risk Management – What’s the Difference?



In evaluating career opportunities in risk, it is important to have a good understanding of the different risk roles. In particular, there is often confusion over where the boundary between risk analysis and risk management lies. Here we discuss the differences and bring them to life.

First, let’s start with risk management. Risk management is the umbrella term given to the end-to-end process of identifying the risks that a business faces, prioritising the subset that need to undergo risk analysis, evaluating the implications of that analysis, and guiding the business to make critical decisions about what actions to take to eliminate, mitigate, or indeed accept these risks. A risk management professional concerns themselves with the entire end-to-end process and may manage multiple professionals (possibly even a whole department) to do so, alongside managing all of the critical business stakeholder relationships.

The initial identification and prioritisation need to consider the full range of sources of risk facing the business. These can be wildly different in nature and may span the gamut of compliance, legal, strategic, competitive, reputational, operational, human, security and financial risks. To be effective, a risk management professional needs to be knowledgeable in a wide range of domains and in practice needs to have a strong grasp of the full activities of the business.

Once the top risks have been identified it is the role of the risk analyst to evaluate these to quantify the potential losses to the business should a risk materialise, along with the likelihood of risk materialisation. The actual risk analysis work can vary a great deal. Let’s use the example of Supplier Risk to bring this to life. Here are some supplier risks along with the kind of risk analysis that might be undertaken:

  • Risk of supplier failure. Analysis of the supplier’s financials to ascertain its financial strength. Evaluation of the potential financial loss to the business, operational difficulties and/or customer detriment should the supplier fail. 
  • Risk of supplier price increases. Analysis of the trends in the prices of supplier inputs (e.g., commodities). Analysis of changes in competitive intensity in the supplier’s industry. Financial evaluation of the P&L impact of potential price increases.
  • Risk of supplier fraud. Identification of all of the means by which a supplier could conduct fraud, along with the effectiveness of any existing fraud controls. Quantification of the scale of financial losses, customer detriment, reputational damage, etc. of supplier fraud.

As you can see, the analyses are extremely diverse in nature, and this is one of the reasons why the profession of risk analysis can be so rewarding.

The risk management professional arguably really earns their keep when it comes to guiding the business through the decision-making required to manage the risks. This is achieved by summarising the findings of risk analysis, presenting options to senior management on which risks to eliminate, mitigate or accept (including developing a set of realistic management actions that will achieve these goals), and ensuring that these actions are undertaken and their effects monitored. And don’t forget that the end-to-end cycle of risk management is a continuous one, demanding a wide range of soft as well as hard technical skills. It’s no wonder that strong risk management professionals are highly sought after and highly regarded by their colleagues.


