What is a Risk?

In the context of governance, risk, and compliance (GRC) — and particularly in ISO-based frameworks — a risk is defined as the effect of uncertainty on objectives.

That uncertainty could come from data breaches, system outages, supplier issues, safety incidents, or even reputational threats. Managing those risks isn’t about eliminating every possible danger. It’s about knowing what could go wrong, understanding the likelihood and impact, and taking appropriate action to reduce harm.