- Sources – What are the sources of risk that the organization faces?
- Assets – What assets are we trying to protect?
- Stakeholders – Who are they? Which ones have influence and which ones are affected?
- Goals and objectives – What do we hope our risk management systems will contribute to the organization? What are the strategies that we will or do use to achieve them?
- Responsibilities – Who exactly, is responsible for what in the our risk management systems?
- Resources – How many resources do we have available? Is it enough or too much? What budget and resources do we actually need?
- Scope – What is the depth and breadth of our risk management activities? What exactly will we address and what will we not address? What activities, processes, functions, projects, services, assets or products are we addressing? What locations, departments or businesses are we concerned with?
- Documentation – What records will we keep? Who will keep them? Where? For how long?
- Methodologies – What methodologies will we use? To what extent and in which areas?
Answer each of the above points as a section heading or in a table in your risk assessment and you'll have covered most of the bases for
Examples of Sources of Risk Facing an Organization
· Animal health · Asset management and resource planning · Audit · Bank management and risk analysis · Biological agents · Business continuity planning · Business interruption · Business law and practice · Computer networks · Conservation and environment · Contingency · Contract management · Corporate environmental management · Corporate governance. · Criminal elements · Design liability · Disaster · Discrimination · Emergency planning · Employment procedures · Engineering changes · Environmental health risk management · Environmental issues · Ethics issues · Feasibility studies · Federal government · Finance · Financial management · Fire detection · Fire prevention · Foreign exchange operations · Foreign intelligence services · Fraud · General liabilities | · Global resources and energy management · Harassment · Human factors · Human health · Human resource management · Information systems · Information systems security · Insurance · Investment and portfolio management · Knowledge management · Legislative compliance · Local government · Maintenance systems · Managing people and organizations · Occupation health and safety · Operations management · Organizational change · Organizational culture · Plant health · Political change · Politically motivated violence · Probity issues · Product liability · Professional advice · Project management · Public risk · Quality assurance · Reputation issues · Research and development · State government · Strategic management · Technological change · Terrorist groups · Training · Transport · Treasury management · Zoological agents |
The table below, offers a number of typical internal and external sources of risk broken up into four primary categories of Strategic, Financial, Operational and Hazards. This list is by no means exclusive but can be a useful analysis tool for starting to consider and evaluate sources of risk.
Strategic | Financial | Operational | Hazards | |
External | Competition Customer changes Industry changes Customer demand | Interest rates Foreign exchange Credit Financial markets | Legislation Culture Board composition Contracts Counterparty risk | Natural events Suppliers Environment Hazardous materials |
Internal | Management decisions Research and development Intellectual capital Capability | Cost Management Liquidity Cashflow | Accounting controls Information systems Supply Chain Recruitment and retention | Public access Human factors Property Products and services Work practices |
A similar analysis of each of the key questions above (Sources, Assets, Stakeholders, Goals, Responsibilities, Resources, Scope, Documentation and Methodologies), although time consuming will yield all the answers you need. For a short risk assessment, you might find that all you really need is a paragraph on each and you'll have covered it. For a more complex risk assessment, you might need a large table and a full section on each item. Context is king, in this as in all things risk.
No comments:
Post a Comment