The objective of the Risk Identification process is to identify a comprehensive list of risks and events that might impact the achievement of the organisation’s strategic objectives, including weaknesses, opportunities, threats, and sub-optimized results.
Identifying Risks is the first step in understanding the risks that may prevent the organisation from achieving its objectives, its overall risk exposure, and how risks should be managed.
The following should be considered while identifying Risks Identification in Risk Management
- What is the Risk?
- What can happen if it is not treated?
- List the Risk & Possible Events
- Why and how can the risk create a negative impact on the organisation?
- List the root cause and event scenarios.
How can the risk be treated? List the tools and techniques to approach and treat the risk
All risks should be identified, regardless of whether they are under the organisation’s jurisdiction authority or related to the organisational business operations.
There are various risk identification tools utilised by organisations depending on the scope of business operations and other factors such as Management Systems, etc. Some of the Risk Identification tools include:
- Bow Tie Analysis
- Hazard & Operability Studies (HAZOP)
- Monte Carlos Simulation
- PESTLE
- Risk Register
- SWOT Analysis
- Event Tree Analysis
- Fault Tree Analysis
Risk registers are a common tool used when undergoing risk identification processes. ERM Risk registers are different from the risk and control matrices commonly used in internal audits. ERM risk registers represent risks to achieving strategic objectives, whereas risk registers for controls and internal audit purposes are generally at the process, activity, and task level.
Risk Assessment is to identify potential threats due to which risks are classified by using two separate values: Likelihood and Impact. Specifically, the main objective of Risk Assessment is to understand the threat. Risk Assessment is mainly undertaken to: Identify and Record all Potential Threats and to provide those threats with a Comparative Risk Value on a quantitative and qualitative aspect. The likelihood is described in different units such as once every 10 years, once every hundred times, once every 24 hours, etc. The impact is also described in different ways based on factors such as Safety (Lives Saved/Lost), Financial Loss, Production (Hours Saved/Lost), Reputational Loss, Asset Lost, etc.
No comments:
Post a Comment