5.- KEY PRINCIPLES FOR EFFECTIVE AND EFFICIENT RISK
ASSESSMENTS
For risk assessments to yield meaningful results with minimal burden to the organization, the following key principles should be considered.
-
Governance
over the risk assessment process must be clearly established. This
is is
critical to ensure that the necessary commitment and resources are
secured. The high management need to designate an appropriate
process owner.
-
Risk
assessment begins and ends with specific objectives.
Risks are
identified and measured in relation to an organization’s
objectives. Evaluating the risks relative to such objectives
facilitates the reallocation of resources as necessary to manage
these risks and best achieve stated objectives. As an organization
defines its objectives, it should also define the amount of risk it
is willing to accept in pursuit of its mission. Failure to define
risk amount could result in taking on too much risk to achieve
objectives or, conversely, not taking on enough risk to seize
crucial opportunities. An organization’s definition of its risk
amount serves as a basis for determining risk tolerance, or the
acceptable levels of variation that management is willing to allow
for any particular risk as it pursues objectives.
-
Management
forms a portfolio view of risks to support decision making. While
risks are rated individually in relation to the objectives they
impact, it is also important to bring risks together in a portfolio
view that pinpoints interrelationships between risks across the
organization. Correlations may exist, in which an increased exposure
to one risk may cause a decrease or increase in another.
Concentrations of risks may also be identified through this view. A
consistent portfolio view provides meaningful information that
allows the owners and sponsors of risk assessments to make informed
decisions regarding risk / reward trade - offs in operating the
business.
-
Leading
indicators are used to provide insight into potential risks.
Historically, management has tracked Key Performance Indicators
(KPIs) to help detect issues affecting the achievement of
objectives. In recent years, organizations have also been developing
Key Risk Indicators (KRIs) to help signal an increased risk of
future losses or an uptick in risk events. KRIs provide insight into
an organization’s risk position. To identify meaningful leading
indicators, management must identify and analyze changes in the
business environment, such as rapid growth, changing technology, or
the emergence of new competitors or potential customers that could
impact the organization’s ability to reach its objectives.