How to Conduct a Risk Assessment

*The risk assessment lies at the core of risk management. Without a clear understanding of the risks faced, none of the other risk management activities can be undertaken. This means that the organization will remain reactive instead of being able to take proactive steps informed by risk-based decision making. However, risk assessments have the potential to become hugely complex, sometimes becoming the only risk management activity that is undertaken, as organizations become exhausted by the assessment process and don’t conduct any of the follow-up activities. Detailed here is a four-phase risk assessment process that can be used for most non-technical assessments.* ...

March 18, 2017 · 27 min

What is Risk?

Risk and risk discussions are often hampered by inconsistent terminology and a high degree of subjectivity. To overcome this, we need to understand what we mean when we ask ‘what is risk?’. This article lays out a concept for risk using the ISO definition – the effect of uncertainty on objectives. It breaks individual risks into their three main components: threat, vulnerability and impact for downside risks, or opportunity, exposure and impact for upside risks. These concepts form the basis for all subsequent risk discussions and lay the groundwork for a risk assessment methodology. ...

February 24, 2017 · 11 min