Risk is integral to doing business in financial organizations, which actively seek certain kinds of risk. An insurance company accepts the risk of a claim in return for a small premium, while a bank accepts the risk of non-payment of a loan in return for interest. Other risks are an unwanted byproduct of being in business, such as the risk of fraud or of failing to comply with regulations. Companies strive to define their risks precisely so that they can distinguish and control them; a common classification is into underwriting risk (the insurer's claims), credit risk (the bank's loan defaults), and operational risk (fraud, compliance failures, and similar losses). Defining risks in this way allows companies to take differentiated action for each kind of risk.
Each class of financial risk requires its own procedures and methodologies to measure it properly and to develop mitigation plans. While managing each class separately is operationally effective, many risks are correlated with one another, either offsetting or reinforcing each other. The aggregate of all risks is therefore not a simple sum of the individual risks, which makes it important to take an enterprise-wide view of an organization's overall riskiness. This process is referred to as Enterprise Risk Management (ERM). ERM has gained impetus from regulations such as Basel II, Sarbanes-Oxley (SOX), and Solvency II, as well as from adverse market events and an increasingly knowledgeable investment community. Driven by these factors, most financial organizations of any size have embarked on enterprise risk projects that combine various efforts, such as Basel II implementation, operational risk, regulatory compliance, and IT risk management.