Risk Identification

From Open Risk Manual


Risk Identification denotes the first step in a formal Risk Management process. It aims to apply an analytical approach to the task of identifying and enumerating the various risks that an organization is facing.


  • An important element of risk identification is the formulation of a Risk Taxonomy, namely the enumeration and grouping (categorization) of the various relevant risk types to which the organization is exposed. The taxonomy aggregates and systematizes the Material Risk contributions.
  • The second level of risk identification focuses on the underlying causes (risk factors) that drive the realization of risk events, individually or in some interacting sense. Identifying such common causes is essential for further steps in risk management, e.g. in Enterprise Risk Management, Portfolio Management, etc.
  • Further risk identification tools require specializing the risk taxonomy. For example, Operational Risk identification may involve the following processes[1]:
    • audit findings
    • internal loss data collection and analysis
    • external data collection and analysis
    • risk and control self-assessments
    • business process mapping
    • risk and performance indicators
    • scenario analysis
    • comparative analysis
    • external benchmarking
    • creation and monitoring of action plans

Issues and Challenges

  • Occasionally the various layers of risk identification get mixed (causes mixed with outcomes), with the result that the corresponding identification framework is conceptually less consistent, which has further implications for completeness and usability.

See Also


  1. BIS, Review of the Principles for the Sound Management of Operational Risk (October 2014)