Risk Assessment

Risk Assessment I

An approach to process risk assessment

Why Risk Assessment ?

It is important that any organisation understands the impact that its business processes may have on its operational risk and ability to continue in business. Consequently any organisation must design and develop a method of risk assessment which can be used to identify and determine these risks.

The Risk Assessment Process
  1. Identify the Process

    This involves identifying and then documenting the process. In some cases the process will already have been defined and documented which will usually be in the form of a process flow chart. However if new processes are being designed they may not be clearly defined. In these cases additional time will have to be allowed for this phase of the work. However it is a critical phase which cannot be omitted as risk assessment cannot be performed properly until a process has been defined and described.

  2. Identify Process Weaknesses

    Once each process has been documented a trained and skilled individual, or group of individuals, should review the process to identify any weaknesses in the process. These weaknesses are the parts of the process that could lead to an operational risk event. It must be noted that these weaknesses are not necessarily an indication of inefficiency, they are specifically those which may give rise to an operational risk.

    Examples of process weaknesses:

    Operator error
    this may be due to the fact that a particular activity is manual rather than automated e.g. an employee might make a data input error or fail to comply with a particular procedure or piece of legislation.
    Employee actions
    e.g. fraud, breach of policy rules and regulations.
    Customer actions
    e.g. fraud or other form of theft
    Supplier actions
    eg. provision of faulty or defective materials and/or information
    Data loss and/or theft
    where data is simply lost either mistakenly or deliberately. This could be either an internal or external loss.
    Data corruption
    when data is transferred from one system to another and becomes corrupted in the process or where information is input incorrectly.

    The above are only examples of weaknesses. Each organisation will have to take a view on weaknesses which may be applicable to themselves.

  3. Identify Process Risks

    Once the weaknesses, or what are sometimes known as points of failure, have been identified the operational risk events that are associated with these points should be identified. To help with this stage of the process it is advisable for the organisation to determine and agree the categories of process risk. Although there may be risks that are common to all sectors of the economy, it is likely that many risks will be unique to each organisation. Once agreed these risk categories should then be documented.

    Each risk which is subsequently identified from the review of the process should then be recorded in an agreed format.

  4. Evaluate the Risk

    Some organisations may choose to score the risk. This is an optional task, but if carried out helps to identify the potential severity of the risks and thus the importance to the organisation. If risk scoring is pursued it will be possible to determine and quantify the organisations risk exposure. Both the probability of an event occurring and its potential impact should be assessed. In this way an organisations exposure to risk can be accurately assessed. Once all risks have been scored it will be possible to produce a list or table of all risks and their potential threat to the organisation. This can then be used to determine which risks will need to be addressed and the identifying actions that can be introduced to reduce the threat they pose. Clearly priority should be given to those risks posing the greatest threat.

This stage concludes the required identification and assessment of risk. The next stage is to identify and design measures that can be implemented to mitigate against these risks. This is described in Risk Assessment II.

Custom Search

Valid CSS! Valid HTML 5.

browser implementation

For more information, contact: Managers-Net.