Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Attitude to risk
|
Risk assessment
128 In order to understand the risks facing an organization and be able to undertake an accurate risk assessment, extensive knowledge of the organization is required. To complete an accurate risk assessment that correctly identifies the significant risks and then goes on to identify the critical controls is a time-consuming and resource- intensive exercise. In relation to the public perception of risk, members of the public often only have access to incomplete information and are subject to strong arguments from lobbying and other special interest groups. Therefore, the public understanding and percep- tion of risk may not be sufficiently informed or entirely objective. Journalists and news reporters have a duty to present news stories in an objective and unbiased manner, which may not be easy when the people receiving the information do not have a full understanding of the risks involved. Government will make available its assessments of risks that affect the public, how it has reached its decisions and how it will handle the risk. It will also do so where the development of new policies poses a potential risk to the public. When information has to be kept private, or where the approach departs from existing practice, it will explain why. Where facts are uncertain or unknown, government will seek to make clear what the gaps in its knowledge are. It will be open about where it has made mistakes and what it is doing to rectify them. HM Treasury Government risk assessments Attitude to risk Figure 10.1 provides an empirical illustration of risk attitude using a standard risk matrix. It represents the risk attitude of a risk-averse organization. It is becoming more common for a risk attitude matrix to contain four sections. These sections can be represented by the 4Cs of comfort, cautious, concerned and critical. Risk attitude represents the long-term approach of the organization to risk. These descriptors can also be attached to the four sections on a risk appetite matrix to describe the approach to short-term risk taking. The relationship between risk attitude and risk appetite is discussed further in Chapter 25. The darkest area in Figure 10.1 represents the critical risks for the organ ization. For a risk-aggressive organization, there are fewer risks of concern, so that the ‘universe of risk’ considered by the board will be very restricted. The phrase ‘universe of risk’ is often used by internal auditors to identify audit priorities. Working with such a closed or restricted ‘universe of risk’ will increase the chances of an unidentified significant risk impacting the organization. Each different stakeholder will have a |
