ABSTRACT

This chapter outlines the core risks faced by organisations and explains how this knowledge is used in designing risk management systems and procedures. New risks will emerge over time, and the changing global political environment can generate new risks, but the principal risks are long-standing and worthy of closer consideration. The way in which each organisation labels its principal risks, and the relative importance attached to each, will ultimately depend upon both the nature and scale of the business. Risk management standards such as the Committee on Sponsoring Organizations and ISO 31000 provide a framework for the creation of what is sometimes termed the risk architecture of an organisation. Using the example of Marks and Spencer as an illustration, the chapter concludes that risk management frameworks in every organisation have common features, but the detail of the risk architecture is variable.