Fundamentals of Risk Management


Approaches to risk management


Download 3.45 Mb.
Pdf ko'rish
bet100/445
Sana02.06.2024
Hajmi3.45 Mb.
#1833791
1   ...   96   97   98   99   100   101   102   103   ...   445
Bog'liq
Fundamentals of Risk Management

Approaches to risk management 
88
review and evaluation of information relating to emerging risks. In order to compre-
hensively determine the specific impact and consequences for the organization, the 
mechanism for identifying emerging risks should also include provision for identifying 
opportunities that may be exploited in the future.
In summary, the organization is required to identify each specific external, internal 
and risk management context issue that could impact the organization, acquire and 
evaluate timely knowledge and information about them, evaluate the risks and
opportunities that these context factors present and take appropriate actions to
mitigate the risks and embrace the opportunities. All of this must be documented 
within the scope of the risk architecture, strategy and protocols (RASP).
Designing a risk register
The use of risk registers has become established practice for many risk managers. 
There are disadvantages associated with the use of risk registers, including the danger 
that the information recorded in the risk register will not be used in a dynamic way. 
The risk register could become a static record of risk status, rather than the risk
action plan for the organization.
A risk register is defined in the ISO Guide 73 as the ‘document used for recording 
risk management process for identified risks’. The guide adds that the purpose of the 
risk register is to facilitate ownership and management of each risk. Typically, the risk 
register will cover the significant risks facing the organization or the project. It will 
record the results of the risk assessment related to the process, operation, location, 
business unit or project under consideration.
When a risk assessment is undertaken of strategic options, it is more usual for the 
risk assessment to be used as part of decision-making activities. Typically, this infor-
mation will not be recorded in the format of a risk register, but will be presented to 
the decision maker as part of the full range of information available for making that 
strategic decision.
The purpose of the risk register is to form an agreed record of the significant risks 
that have been identified. Also, the risk register will serve as a record of the control 
activities that are currently undertaken. It will also be a record of the additional
actions that are proposed to improve the control of the particular risk.
Other information about risks will also be included in the risk register. Although 
there is no fixed format for this document, Table 7.1 provides an outline of a basic 
format for a risk register. It may not be necessary to include all of the risk description 
information set out in the table in the risk register, as this could make it a complex 
and clumsy document.
Risk registers can be compiled in a number of formats, depending on the type of 
risk assessment that is being recorded. Table 7.2 provides an example of a partially 
completed risk register for a sports club and Table 7.3 provides an example of a risk 
register for a hospital.
At its most simple, the risk register can be stored as a document held on a computer. 
However, there are many more sophisticated forms of risk registers, including



Download 3.45 Mb.

Do'stlaringiz bilan baham:
1   ...   96   97   98   99   100   101   102   103   ...   445




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling