Risk Management 

In a broad sense, to assess, minimize, and prevent negative consequences posed by a potential threat. The term “Risk Management” has significantly different meanings that can affect Data Governance programs. At an enterprise level, “risk” refers to many types of risk (operational, financial, compliance, etc.); managing risk is a key responsibility of Corporate Boards and Executive Teams. Within financial institutions (or in the context of a GRC program), Risk Management may be a boundary-spanning department that focuses on risk to investments, loans, or mortgages. At a project level, “Risk Management” is an effort that should be undertaken as part of Project Management, focusing on risks to the successful completion of the project. From a Compliance/Auditing/Controls perspective, “Risk Assessments” and “Risk Management” are high-effort activities included in the COSO and COBIT frameworks and required by Sarbanes-Oxley and other compliance efforts. Data Governance programs may be asked to support any of these Risk Management efforts, and may need input from these efforts to resolve data-related issues.