Holistic Risk Management is the process by which an organization firstly identifies and quantifies all of the threats to its objectives, and having done so manages those threats within, or by adapting, its existing management structure. It differs from conventional Risk Management in two key ways: The range of risks considered should not be limited by those that are ‘insurable’ or ‘fortuitous’. Far greater risks now threaten organizations than those which are understood by the traditional Underwriter. The process of minimising risk and the impact of risk, upon the organization, has to become a main stream management function, and not something that can be left to the annual insurance survey or minimal compliance with Health and Safety legislation. Risk management must become an integral part of everyone's job, supported, but not policed, by specialist internal or external assistance. Its effectiveness will largely depend upon the underlying quality of the organization's management, structure and culture, with which it should integrate. David Davies reports.