What are the Risks that every organisation must assess?
Australian Standard AS/4360 defines a model and framework for assessment and mitigation of Risk, including how to establish a risk context, identify, analyse, evaluate, treat and monitor/review risks.
What AS4360 does not define are the specific risk categories that need to be defined and assessed within your organisation. Whilst there are many approaches taken, OpsCentre has found the most successful methodology to be one focusing on four key areas of risk:
Strategic Risk - is a risk that a company takes to fulfill its business objectives. Strategic risk is concerned with one overriding question: Can the firm’s business design deliver sustained, above-average growth in shareholder value?
Operational Risk - being the risk from mistakes or failures in operations. The Basel Committee defines operational risk as: "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." This includes legal risks, but not strategic and reputational risks.
Compliance / Governance Risk - are the risks inherent in the organisation's policies, procedures, structure and authorities that oversee key company directions and decisions.
Reporting Risk - are those risks associated with the ability to produce all aspects of company reporting - board reporting, management reporting, legislative and statutory body reporting and so on.
Whilst many specific types of risk exist (credit risk, legal risk, liquidity risk, financial risk, market risk, volatility risk, information security risk, IT risk and others), assigning them to the above categories allows risk assessment, mitigation plans and ownership to be clearly defined within your risk management framework.