This document discusses risk management concepts from a presentation at the Auditing Roundtable 2009 Spring Meeting. It defines risks as exposures to uncertainties that may impact business objectives. It distinguishes between insurable risks like injuries and uninsurable risks like fines. It advocates using frequency and severity factors based on actual data to assess risks, and leveraging the risk management function to calculate the return on investment of avoiding losses through risk mitigation efforts.