Risk management is predicting and managin risks that could hinder the organisation from reliably achieving it’s objectives under uncertainty. Compliance refers to adhering with the mandated boundaries (laws and regulations) and voluntary boundaries (companies, policies, proceedures etc).