Risk management is defined in the Wikipedia as "the human activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources.The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk."
In the introduction to a new risk management policy, there was a quotation from the Australian Risk Management Standard (AS 4360) which says "Risk management is as much about identifying opportunities as avoiding or mitigating losses." This is a great principle but, alas, not reflected in the policy beyond its initial mention.
Australia has its very own risk management site, and for afficionados of risk management (more likely to be in the public sector than the private sector) its all there. The main focus of the site is selling various risk management products, including the standard and the handbook, and a series of risk management manuals for different kinds of risk. There is also a Risk Management Association of Australasia, which offers Certified Practising Risk Manager accreditation. And government, as one of the most risk averse entities, has proliferated advice on managing risk through sites such as the NSW Risk Management Guide for Small Business
with 70 pages of advice. A Google search identified 2.4 million rereferences to risk management in Australia alone. Enjoy!
It is quite clear that there is more to risk management than the definition conveys, and very little in conventional risk management about identifying opportunities. It is more often than not about reducing the possibility that the manager will be blamed if something goes wrong.