Lots of meetings and conversations I am having at the moment seem to have a "risk management" component to them - everyone is looking for ways of managing the risks they have in their business. But hang on - if you are into risk management then you go looking for risks to manage - why not be into risk removal? Go looking for the risks and then identify how to remove the scale or nature of the risk rather than "manage" it through continuity/crisis planning.
Yet again Business Process Management comes to the fore in this - so many risks described to us invariably boil down to people or process problems - and rarely anything to do with the individual person - more often it is how the processes or procedures are allowing the person to fail in some way.
Plenty of risk always revolves around where people interact with eachother or a business management system - particularly those grey fuzzy areas of inter-departmental responsibility transfer. Opportunities for delay, ambiguity, misunderstanding, keyboard error etc abound. The classic time and cost driven risks. A Business Process Management Suite gives you a great framework for building rule sets and process steps around the people-to-people/system activity flow thereby removing a huge percentage of those potential risks.
Risk management struggles to add tangible value to the business process - risk removal catapults you into a new place entirely.