Introduction Over the years, people gradually realized that different types of risks existing in different departments within an organization from the risk management practices. Some of them overlap can amplify risk, while others may offset to reduce risk. Therefore, the enterprise can not only consider their risk management from the perspective of a single risk, but from the view of the institution ’ s overall risk profile. In recent years, the consequent collapse of Enron, WorldCom and a set of accounting fraud occurred has attracted wider attention to the serious issue of risk management around the world. As a response, the enactment of Sarbanes–Oxley Act in July 2002 which was restricted to all listed companies in US attempt to settle perceived weaknesses in the internal control system. In the late 2004, the COSO Enterprise Risk Management (ERM) – Integrated Framework was published, greatly expanded the internal control system, more focused on the broader field of comprehensive corporate risk management, and it has became a wide accepted standard all over the world. The risk management of everything has been increasing steadily during the past couple of years for a variety of reasons (Power, 2004). In the contemporary society, the scope of risk management of everything has involved in all level of society and intend to address all types of risk. Not only private sector but also public sector have an obligation to identify and manage all potentially relevant risks. Brendon (2012) suggested this phenomenon indicates organizations should collect all the risk categories such as market, credit, operational, liquidity, reputational, strategic, to make sure the directors get a whole view of the organisation’s entire exposure to risk and monitor that exposure against the directors’ stated risk appetite. Research based upon the risk management of everything has brought about two viewpoints. On the one hand many people in favor of the risk management of everything is beneficial to some value-adding activities, such as decisionmaking by the boards. On the other hand, the dark side is the appearance of secondary risk also called reputation risk can markedly reduce the value and effectiveness of the risk management of everything. In this essay, Power’s principal ideas concerning the risk management of everything will be introduced in the first section. Then the next section describes the reasons why it may be difficult to build up and maintain an effective risk management system.

Main body Power suggested that there is an asymmetry between primary and secondary risk management in the risk management of everything. The secondary risk management experience a remarkable growth during these years and become as important as the primary risk. To a large extent the tendency of increasing risk management of everything could be seen as a defensive reaction to protect the reputation. However, the process of the risk management of everything itself is a certain kind of risk. As a result, the society will suffer serious risks. The risk management is engaged at all level of organizational life including the state, public regulators, private companies, not because of a good understanding of all the uncertainty they face. The fact is that they have no option but to do so, to play a role as if they know the risks. That is means to know the unknowable. However the varying kind of organizations themselves are a source of risk, at the same time they must deal with risk management. The two statement are inconsistence. Today the world is clearly know what is unknowable, but a strong institution-wide risk culture since 1990s tends to create a risk management of everything program. This ambition triggers a series of efforts to enhance the organizational risk-based internal control system, define the new type of risks, set up new agents and risk accountability structures, develop better processes to ally risk with a moral discourse of effective