Module 3. How Risks can be identiffied and analyzed? Flashcards
is the process of determining potential risks to your business. The objective of this is to understand what is at risk within the context
of the Institution’s objectives.
Risk identification
Benefits of Risk Identification
- Identify potential threats to your business, both internal and external to become prepared for any possibilities.
- Assess your business vulnerabilities, knowing your weak spots can protect yourself from possible attacks.
- Make better decisions and avoid costly mistakes.
are useful for identifying, filtering and screening risks but it is important that these judgement based techniques be supplemented by more robust and sophisticated methods where possible, including quantitative techniques
Risk workshop and interview
Focus points of Risk Identification
(1) Strategic Risk Identification
(2) Operation Risk Identification
(3) Project Risk Identification
identify risks emanating from the strategic choices made by the Institution, specifically with regard to whether such choices weaken or strengthen the Institution’s ability to execute its Constitutional mandate:
Strategic Risk Identification
identify risks concerned with the Institution’s operations. It should seek to
establish vulnerabilities introduced by
employees, internal processes and systems,
contractors, regulatory authorities and
external events;
it should be an embedded continuous process to identify new and emerging risks and consider shifts in known risks through mechanisms such as management and committee meetings,
environmental scanning, process reviews and
the like; and
should be repeated when changes occur, or at least once a year, to identify new and emerging risks.
Operation Risk Identification
identify risks inherent to particular
projects. it should be identified
for all major projects, covering the
whole lifecycle; and
* for long term projects, the
project risk register should be
reviewed at least once a year to
identify new and emerging risks.
Project Risk Identification
How to perform Risk Identification?
- Undestand what to consider when identifying risks.
- Gather information from different sources to identify risks.
- Apply risk identification tools and techniques
- Document the risks identified
- Document your risks identification process
is comprehensive record of all risks across the institution or project depending on the purpose/context of the register
Risk register
Three main purpose of risk register
- A source of information to report the key risks throughout the institution
- For the management to focus their priorities risks.
- To help the auditors to focus their plans on the institutions’s top risks.
- framework including an assessment of
whether the risk is acceptable or whether it
needs to be treated; - a clear prioritization of risks (risk
profile); - accountability for risk treatment (may be
part of the risk treatment plan); and - timeframe for the risk treatment
Risk register
seeks to identify, measure, and mitigate various risk exposures or hazards facing a business, investment, or project.
Risk analysis
enables corporations, governments, and
investors to assess the probability that an adverse event might negatively impact a business, economy, project, or investment.
Risk assessment
Types of Rsk analysis
- Risk benefits
- Needs assessment
- Business impact analysis
- Root cause analysis
In this type of analysis, an analyst compares the benefits a company receives to the financial and nonfinancial expenses related to the benefits
Risk benefits
is an analysis of the current state of a company. Often, a company will undergo a needs
assessment to better understand a need or gap that is already known
Needs assessment
In many cases, a business may see a
potential risk looming and wants to
know how the situation may impact the
business.
Business impact analysis
Opposite of a needs analysis,. This is performed because something is happening that shouldn’t be. This type of risk analysis strives to identify and eliminate processes that cause issues
Root cause analysis
How to perform a risk analysis?
- Identify the risks
- Identity uncertainty
- Estimate impact
- Build analysis model
- Analyze the results
- Implement solutions
is a statistical technique to understand financial uncertainty or risk in a project or business venture. It uses numerical values and complex
data to determine the probability of a specific event and the potential impact that event could have on the organization.
Quantitative risks analysis
is best described as a project manager’s first line of defense against risks. It helps weed out potential detractors to the project’s success, including risks that are unlikely to cause any severe harm to the project. By targeting the most dangerous risks first, risk analysis in project management becomes more efficient and project managers are able to allocate their time and resources more effectively
Qualitative risk analysis
is a statistic that measures and quantifies the
level of financial risk within a firm, portfolio, or position over aspecific time frame. This metric is most commonly used by investment and commercial banks to determine the extent and
occurrence ratio of potential losses in their institutional p
Value at risk (VAR)
Pros of Risk Analysis
- minimizing losses dues to management preemptively forming a risk plan
- may protect the company’s resources, produce better processes, and mitigate overall risk.
Cons of Risk Analysis
- relies heavily on estiamtes, so it may be difficult to perform for certain risks
- can not predict, unpredictable, black swan events
Three main compnents of Risk Analysis
- Risk assessment
- Risk management’
- Risk communication
component of risk analysis which is the process of identifying what risks are presnet
Risk assessment
It is the procedures in place to minimize the damage done by risk.
Risk management
It is the company-wide approach to acknowledging and addressing
risk.
Risk communication
The importance of ___________is that It allows the examination of the risks that organizations face and helps decide whether or not to move forward with a decision
risk analysis
