Last week’s blog addressed risk management. This week I will address risk assessments.
When addressing risk, your company may have anywhere from no problems to lots of problems. It is risky to not perform frequent assessments. If you don’t perform risk assessments, how will you know if you have problems?
Your procedure may look like this:
- Identify potential risks
- What is the likelihood of it happening?
- If the likelihood is zero, document it and do not perform a detailed risk assessment.
- If there is a chance that the risk is real, move into a detailed risk assessment.
A detailed risk assessment may look like this:
- What is the financial impact?
- What are we currently doing about it?
- Can we avoid it; control it; finance it; transfer it?
- Review the levels of risk
- Identify your risk control options
- Evaluate your remaining risks
- Decide if benefits exceed remaining risks
- Identify risks arising from risk controls
- Ensure that all risks were considered
- Choose a plan of action
- Implement appropriate risk control options
- How well did your plan work?
The goal is complete confidence that you are risk free…