- 40 - 
management systems is provided by the definition of a risks 
policy as part of the corporate business policy, stipulating 
guidelines for dealing with risks. Risk management systems 
are generally developed according to the multi-phase model 
comprising risk analysis, risk control/handling, risk monitoring 
and risk financing, on the basis of the risks policy adopted for 
the company:
!
!
!
!
In the risk analysis process, all risks of relevance to the 
company, including the dangers described in the baseline 
protection concept, are to be identified, analysed and 
evaluated on an individual basis for each company.
Risk control serves to avoid or minimise risks and to 
pass on risks to third parties (customers, insurance 
companies, etc.); a residual risk will have to be 
accepted.
In the course of risk monitoring, early warning and 
controlling systems 
are to be set up and the corporate 
risks policy 
is to be adapted, if and as necessary 
Of major importance to companies is the question of risk 
financing, whereby the focus here must be on a medium- 
to long-term assessment
, to enable an adequate 
appraisal of the benefits of investing in security, such as 
competitive advantages, for example. 
In an institutional context, the introduction of risk 
management systems can be supported by appointing a 
risks officer
to evolve a risk management system and adapt 
this system to changing underlying conditions on an ongoing 
basis in cooperation with the staff responsible for security 
matters within the company and competent (official and non-
official) bodies outside of the company. 

Download 2.09 Mb.

Do'stlaringiz bilan baham: