Risk Assessment

Risk Categories

Strategic

Financial

Operational

Legal/Compliance

IT and Systems

Reputational

 

Risk Identification and Assessment

Risk identification is the process of determining risks that could potentially prevent the enterprise from achieving its objectives. It includes documenting and communicating the concerns in a Risk Register.  Once risks have been identified and categorized, the potential hazards are analyzed according by probability and impact which allows the identification of high risk items.

Risk Treatment

Once risks are identified and prioritized, how will we respond to them?  The risk treatment involves the strategies to address the various risks - low or high, acceptable or unacceptable. By evaluating data in the Risk Register, ERM develops a response, or risk treatment, for those risks.  For each risk, a treatment is determined from options such as:

Avoid

Transfer

Mitigate

Accept

The method of transferring risk is exemplified when we transfer risk from one party to another through the purchase of insurance.

Examples:

General Liability Insurance – Broad protection from injury, property and other liability claims

Cyber Liability Insurance – Protection from data breaches, hacking attacks and computer or network related crimes against your  company that compromise confidential customer or company data.

Errors & Omissions Insurance – Professional Liability Insurance: Liability protection for claims against your organization for negligence, errors, oversights and mistakes.

 

Key Definitions

RISK: Uncertainty about outcomes that can be either negative or positive.

RISK APPETITE: The amount of risk (volatility of expected results) an organization is willing to accept in pursuit of a desired financial performance (returns).

RISK MANAGEMENT:  A process of making and implementing decisions that will minimize the adverse effects of accidental losses on an organization.

RISK TRANSFER:  process to determine which risks to assume (self insure) or transfer through insurance or bonds.