Risk Identification and Assessment
Risk identification is the process of determining risks that could potentially prevent the enterprise from achieving its objectives. It includes documenting and communicating the concerns in a Risk Register. Once risks have been identified and categorized, the potential hazards are analyzed by probability and impact, which allows the identification of high-risk items.
Once risks are identified and prioritized, how will we respond to them? Risk treatment involves the strategies used to address the various risks, whether low or high, acceptable or unacceptable. By evaluating data in the Risk Register, ERM develops a response, or risk treatment, for those risks. For each risk, a treatment is determined from options such as:
Risk transfer is exemplified when we move risk from one party to another through the purchase of insurance.
General Liability Insurance – broad protection from injury, property, and other liability claims
Cyber Liability Insurance – protection from data breaches, hacking attacks and computer- or network-related crimes against your company that compromise confidential customer or company data
Errors and Omissions Insurance – Professional Liability Insurance: liability protection for claims against your organization for negligence, errors, oversights and mistakes
Risk – uncertainty about outcomes that can be either negative or positive
Risk Appetite – amount of risk (volatility of expected results) an organization is willing to accept in pursuit of a desired financial performance (returns)
Risk Management – process of making and implementing decisions that will minimize the adverse effects of accidental losses on an organization
Risk Transfer – process to determine which risks to assume (self-insure) or transfer through insurance or bonds