This article looks at the challenges of risk management in modern firms. We review the different types of risk, the external and internal forces that shape risk exposures in firms, and the individual and group biases that confound decision making. Next, we discuss the need for an enterprise-wide approach to risk management. The critical organisational factors for implementing an integrated approach to managing risk exposures are presented. These include the five pillars of ‘culture’, ‘leadership’, ‘alignment’, ‘structure’, and ‘systems’. We provide an overview of relevant tools and techniques for integrating risk management with business policy and governance. Finally, some implications for organisational change management are considered.