Assessment of Risks

The assessment of the risk exposure of any organisation has five components.

1. Firstly, the identity (nature and extent) of the risks facing the company should be identified. This may involve consulting with relevant senior managers, consultants and other stakeholders.

2. Second, the company should decide on the categories of risk that are regarded as acceptable for the company to bear. Of course any decision to discontinue exposure to a given risk will have implications for the activities of the company and this cost will need to be considered against the benefit of the reduced risk.

3. Third, the assessment of risk should quantify, as far as possible, the likelihood (probability) of the identified risks materialising. Risks with a high probability of occurring will attract higher levels of management attention than those with lower probabilities.

4. Fourth, an assessment of risk will entail an examination of the company’s ability to reduce the impact on the business of risks that do materialise. Consultation with affected parties (e.g. departmental heads, stakeholders, etc.) is likely to be beneficial, as information on minimising negative impact may sometimes be a matter of technical detail.

5. Fifth and finally, risk assessment involves an understanding of the costs of operating particular controls to review and manage the related risks. These costs will include information gathering costs, management overhead, external consultancy where appropriate, etc.





***********