Absolutely not like that.
Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Using parameters will not only prevent you from your current SQL Injection risk, but will also solve your existing problem at the same time:
using (SqlCommand cmd1 = new SqlCommand("UPDATE ERP_Risk_Mgmt set Account_name=@AN, Key_Risks=@KR ,Mitigation_Plan=@MP, Contingency_plan=@CP, Status_in_detail=@SID, Rdate=@RD, Pool_name=@PN, Group_name=@GN, Lastupdatedate=@LUD where Account_name=@AN", con))
{
cmd1.Parameters.AddWithValue("@AN", strAccountName);
...