Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk assessment
140 Compliance, hazard, control and opportunity Categorizing risks according to a single risk classification system is not always help- ful. It may not be sufficient to simply understand the timescale of impact, especially when the nature of the impact is more important. It is for this reason that there will always be difficulties with a simple system for categorizing risks. It is for each organ- ization to identify the risk classification system(s) that suits its particular needs and the nature of the risks facing the organization. Risks need to be classified according to the source or impact as well as according to the timescale of the impact. Therefore, a combination of the FIRM risk scorecard and the classification of risks as hazard, control and opportunity risks can be used to provide a complete picture. It is possible to design a personal risk matrix that classifies risks according to the FIRM risk scorecard and also classifies them according to whether they are short term, medium term or long term. This will provide an issues grid that will assist with the identification of all possible significant risks, using a format that can be easily understood. An example of a completed grid is set out in Table 11.4, which presents the issues that could face an individual so that the risks can be identified. Many risk classification systems do not pay due regard to compliance risks. Risks can be classified as hazard, control and opportunity or they can be classified as long term, medium term or short term. If either of these classification systems is used, then there is a possibility that compliance risks will not be identified, because they do not necessarily fit within a classification system based on timescales. A further difficulty associated with compliance risks is that there is often the require- ment for a trigger event. In other words, an organization can be exposed to a number of compliance risks but it may be difficult to identify the particular compliance issue that will become a problem. Table 11.4 illustrates the balance of operational, tactical and strategic issues for each of the four headings of the FIRM risk scorecard. It can be seen that hazard risks are closely related to infrastructure issues and strategic risks are more likely to arise in relation to issues concerned with the marketplace. The risk classification systems discussed in this chapter are most easily applied to the analysis of hazard risks, except that the IRM standard and the COSO framework offer strategic risk as a separate risk category. It will be for an organization to decide whether including a category of strategic risks is helpful and necessary. The FIRM risk scorecard offers a means of classifying strategic and project (or tactical) risks according to the main impact associated with the risk, should it materialize. As with other core processes in an organization, classification of risks facing pro- jects is essential, so that the appropriate response to each risk can be identified. Given that the requirements of any project are that it should be delivered on time, within budget and to specification, these components offer a means of classifying project risks. Separate lists could be devised of risks that threaten the timescale, risks that threaten the budget and risks that will affect the final specification, performance or quality of the project outcome. |
