# AI Risk Management > AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle. Category: Governance Source: https://impetora.com/glossary/ai-risk-management Part of: Impetora AI consulting glossary (https://impetora.com/glossary) ## What is AI Risk Management? AI risk management borrows from enterprise risk management but adds AI-specific concerns: bias, hallucination, drift, opacity, automation bias, security against prompt injection, and unintended scale of harm. Frameworks include the NIST AI Risk Management Framework, ISO/IEC 42001, the EU AI Act risk classification, and sectoral guidance from EIOPA, EBA, and the FCA. A working programme has a register, risk owners, control mappings, and review cadence. ## How does AI Risk Management apply to enterprise AI? Enterprises deploying AI in customer-facing or decision-impacting workflows need a documented AI risk management programme. Insurance, banking, and healthcare buyers will not sign without one. ## Related terms - [ISO 42001](https://impetora.com/glossary/iso-42001) - ISO/IEC 42001 is the international standard for AI management systems, specifying requirements for establishing, implementing, maintaining, and continually improving an AI governance programme. - [NIST AI RMF](https://impetora.com/glossary/nist-ai-rmf) - The NIST AI Risk Management Framework is a voluntary US framework for managing risks of AI systems across the lifecycle, organised around the functions Govern, Map, Measure, and Manage. - [EU AI Act](https://impetora.com/glossary/eu-ai-act) - The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors. - [AI Audit Trail](https://impetora.com/glossary/ai-audit-trail) - An AI audit trail is the persistent, tamper-evident record of every input, output, tool call, model version, and decision an AI system has made, sufficient to reconstruct any past interaction. ## External references - [NIST AI RMF 1.0](https://www.nist.gov/itl/ai-risk-management-framework) - [ISO/IEC 42001](https://www.iso.org/standard/81230.html) --- Impetora is a custom AI consultancy and solutions partner for enterprises in regulated industries. Submit a project at https://impetora.com/intake.