A prioritisation process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. Rate of occurrence multiplied by the impact of the event equals risk.
We identify potential risks, either by
|
|
Source analysis
|
|
|
Problem analysis
|
The chosen method of identifying risks depends on culture, industry practice and compliance, problem or event. Our common risk identification methods are:
|
|
Objectives-based risk identification
|
|
|
Scenario-based risk identification
|
|
|
Taxonomy-based risk identification
|
|
|
Common-risk Checking
|
|
|
Risk Charting
|
Once risks have been identified, we then assess as to their potential severity of loss and to the probability of occurrence. Our strategies include:
|
|
Risk Transference - transferring the risk to another party,
|
|
|
Risk Avoidance (not performing an activity that could carry risk),
|
|
|
Risk Mitigation - reducing the negative effect of the risk, and
|
|
|
Risk Acceptance - accepting some or all of the consequences of a particular risk.
|
Ideal use of these strategies may not be possible. Some of them may involve trade-offs.
Ideal risk management minimizes spending while maximizing the reduction of the negative effects of risks.
