The risk identification process identifies and classifies the various risks that could affect an organisation. Its endeavour is to list the risks and the likely impact which can then be tracked all along. Vikash Khandelwal writes the first of a series of articles on the various steps in risk management.
Let me start with an article that I had read in a newspaper recently. The roof of a newly constructed mall had collapsed. Some of its tenants and the shoppers were injured, others buried under the debris. Only a lucky few escaped unhurt. Many businesses today could face with a similar situation or something even worse given the fact that they are operating in complex environments spread across different geographies and governed by diverse regulations. One of the solutions to prevent or avoid the assumption of such unintended liability is to employ a strategy where some¡one else agrees to assume the risk or indemnify you. Transferring risk is a strategy that involves the contractual shifting of risks from one party to another. Buying insurance is the most common form of transferring risks. Other methods of transferring risk to another party or entity include contractual agreements or requirements and hold harmless agreements. It's important to have a structured approach towards the insurance programme for the organisation.
Identify the risks to business
Identification of the risk is the first step and one of the most important aspects of the risk management and transfer strategy. An organisation must be aware of all the potential threats to its normal functioning. The outcome will be a list of risks that the team will feel vulnerable to. Most risk identification exerc¡ses involve the following:
The risks thus identified then become a part of the process of assessment, analysis, mitigation and planning at various stages of the organisation. Once listed, risks should be ranked based on financial impact and likeli¡hood of occurrence. This assessment will place risk events in one of the following four risk response categories:
In conclusion, the risk identification process identi¡fies and classifies the various risks that could affect the organisation. Risk identification is a continuous process and new risks should continually be included into the process. The people, like in all functions of the organisation will continue to hold the key.