Management Systems are required for a wide variety of purposes. This includes the management of a company as well as the control of an IT project or the adherence to a quality, environmental or information security standard. They show objectives and provide to the management proven methods for achieving them, as well as the associated control and monitoring mechanisms.
This book describes how the generally necessary core process of risk management works within such a management system. The main feature of the model is the cyclical repetition of the identification and evaluation of opportunities and risks, resulting in the taking of all necessary control measures, in particular the application of appropriate options for risk treatment. Another feature is its continuous improvement. The book deals with the economics of risk management and provides suggestions for optimization using proven IT methods such as standardization and automation.