Risk management is a very old idea that has relatively recently taken on somewhat of a new character. The history of any idea brings its own baggage that, whether we want it to or not, often limits our current thinking on the concept—and risk management is no exception. Institutions evolve, standards are codified, and professions mature in such a way that it causes all of us to think in more limited ways than we need to. We don’t have to dispose of all these conventions, but we do need to be aware of why they were there in the first place.

Organizational risk management could be said to have existed at least as early as the first time a king or chieftain decided to fortify walls, make security alliances, or store extra provisions in case of famine. Even more formalized risk management by agreement among parties seems to be a feature of the earliest civilizations. Since ancient Babylon, traders managed the risks of transporting goods great distances by having the buyers provide loans to the sellers that would be repaid with interest only when the goods arrived safely. A Babylonian king wrote in the Code of Hammurabi certain compensations or indemnifications ...