Risk classification systems
FIGURE 11.2 Bow-tie and risks to premises
[Figure: bow-tie diagram. Risk source: Flood, Fire, Earthquake, Break-in. Centre: Damage to premises. Impact: Financial, Infrastructure, Reputational, Marketplace.]
Examples of risk classification systems
Table 11.1 provides a summary of the main risk classification systems. These are
COSO, the IRM standard, BS 31100 and the FIRM risk scorecard. There are similarities
in most of these systems. It should be noted that identifying risks as: 1) hazard,
control or opportunity; 2) high, medium or low; and 3) short term, medium term and
long term should not be considered to be formal risk classification systems.
Many organizations struggle to find a suitable risk classification system. Often,
this is because there is insufficient attention paid to the nature of the risks that are
being classified. The bow-tie representation of the risk management process illustrates
that it is possible to classify risks according to their source, the component of the
organization that the event impacts and the impact and/or consequences of the
risk materializing.
Short-, medium- and long-term classification of risks represents the operational,
tactical and strategic risks faced by the organization. The categories of disruption to
organizations described in Table 3.2 use a classification system according to the
component of the organization that is impacted. This is the people, premises, processes
and products (4Ps) risk classification system. The FIRM risk scorecard described in
Table 11.2 classifies risks according to their impact.
TABLE 11.1 Risk classification systems
Standard or framework: COSO ERM; IRM standard