Where Does Risk Management Apply in an Organization?