This paper discusses the principles of risk management in a wide context, including definitions of risk and how diverse types of risk can be compared on a common basis. The paper also provides an overview of how the main processes have been developed in other industries, including discussions of the various methods of quantitative risk assessment, and how standards fit into this. It then focuses in on the wave and tidal energy sector to discuss how a risk-based approach can be utilised to drive the development of a device in a structured manner. This includes references to the EquiMar  project, and the main considerations from a risk management perspective from the concept design, through tank testing and sea trials, to deployment of multi-device arrays. A common risk management process is described as an example of the application of the technique, along with a brief discussion of some common risks faced by wave and tidal energy device developers. Finally, the paper discusses risk management from a certification point of view, highlighting how development of standards, and use of existing standards, can be used to define levels of risk in a consistent, generic and objective manner.