Part 1: Risk Identification and Risk Assessment
Updated: Jan 14
In the last blog post I introduced the definition of Risk Management and in this post will, from a high-level point of view, discuss how the Risk Management process works. In particular I will be covering two of the four stages; Risk Identification and Risk Assessment.
Risk Identification defines what the risk is, while Risk Assessment quantifies how the risk will affect you (often negatively) meeting your goals.
Risk Identification is usually based on subjective observations supported by data to identify risks. This is often as the risk may not have resulted in a bad outcome for you or your company in the past as the risks in some cases can be quite rare. For example a warehouse fire, but based on data you can identify that warehouses are subject to rare fires. If you operate from premises you can see them subject to fire, flood, theft, deliberate and accidental damage so these are the risks that you Identify. One of the starting points to identify risks is to see what negative complaints, losses, legal disputes, etc that the business has faced with the last few years. On top of that you can look at incidents in the industry that have impacted competitors based on media reports and other news sources. Furthermore meetings within the firm can also identify process and procedure risks inherent to normal business practices.
Risk Assessments is where the risks that have been identified are then assessed to determine the impact and likelihood of occurrence. In the example above the impact of a warehouse fire would be significant, threatening the business. Although the chance of a fire maybe very low in terms of likelihood. From this assessment all risks can be reviewed on a scale to determine if they have a high impact and high chance of occurring (so thereby being a critical risk to the business) to the lower end of the scale being a risk with a low impact and low chance of occurring (thereby being minimal risk to the business. In the next stage, Risk Mitigation you then look at the risks assessed as "critical" to see what to do about them.
In the next blog we will look further at the stages of mitigating and monitoring the firm's risks.
If you would like to learn more about Risk Management please feel free to contact me for a meeting.