Difference between revisions of "Risk Identification"
From Open Risk Manual
Wiki admin (talk | contribs) |
Wiki admin (talk | contribs) |
||
| Line 3: | Line 3: | ||
== Tools == | == Tools == | ||
| − | * An important element of risk identification is the formulation of a [[Risk Taxonomy]] , namely the enumeration and grouping (categorization) of the various relevant [[Risk Type | risk types]] to which the organization is exposed. The taxonomy aggregates and systematizes the [[Material Risk]] contributions | + | * An important element of risk identification is the formulation of a [[Risk Taxonomy]], namely the enumeration and grouping (categorization) of the various relevant [[Risk Type | risk types]] to which the organization is exposed. The taxonomy aggregates and systematizes the [[Material Risk]] contributions |
* The second level of risk identification focuses on underlying causes ([[Risk Factor | risk factors]]) that are ''driving'' the realization of [[Risk Event | risk events]], individually or in some interacting sense. Identifying such common causes is essential for further steps in risk management, e.g. in [[Enterprise Risk Management]], [[Portfolio Management]] etc. | * The second level of risk identification focuses on underlying causes ([[Risk Factor | risk factors]]) that are ''driving'' the realization of [[Risk Event | risk events]], individually or in some interacting sense. Identifying such common causes is essential for further steps in risk management, e.g. in [[Enterprise Risk Management]], [[Portfolio Management]] etc. | ||
| − | * Further risk identification tools require specializing | + | * Further risk identification tools require specializing the risk taxonomy. For example [[Operational Risk]] identification may involve the following processes<ref>BIS, Review of the Principles for the Sound Management of Operational Risk (October 2014)</ref> |
** audit findings | ** audit findings | ||
** internal loss data collection and analysis | ** internal loss data collection and analysis | ||
Revision as of 13:51, 13 February 2023
Definition
Risk Identification denotes the first step in a formal Risk Management process. It aims to apply an analytical approach to the task of identifying and enumerating the various risks that an organization is facing.
Tools
- An important element of risk identification is the formulation of a Risk Taxonomy, namely the enumeration and grouping (categorization) of the various relevant risk types to which the organization is exposed. The taxonomy aggregates and systematizes the Material Risk contributions
- The second level of risk identification focuses on underlying causes ( risk factors) that are driving the realization of risk events, individually or in some interacting sense. Identifying such common causes is essential for further steps in risk management, e.g. in Enterprise Risk Management, Portfolio Management etc.
- Further risk identification tools require specializing the risk taxonomy. For example Operational Risk identification may involve the following processes[1]
- audit findings
- internal loss data collection and analysis
- external data collection and analysis
- risk and control self-assessments
- business process mapping
- risk and performance indicators
- scenario analysis
- comparative analysis
- external benchmarking
- creation and monitoring of action plans
Issues and Challenges
- Occasionally the various layers of risk identification get mixed (causes mixed with outcomes) with the result that the corresponding identification framework is conceptually less consistent, which has further implications on completeness and usability.
See Also
References
- ↑ BIS, Review of the Principles for the Sound Management of Operational Risk (October 2014)
