Risk assessment is a sequence of various activities aimed at identifying and evaluate the set of risks that the organization has to face. The international literature offers several techniques of modeling and decision-making1- 2 that can become part of the analysis.
The results of risk assessment can be summed up in two outputs that address the following stages of treatment and control:
- the risk profile;
- the risk appetite.
The risk profile represents the level of overall exposure of the organization, defining in a complete way the complexity of the risks to be managed and their ranking, according to their entity and significance. A segmentation for entities (areas, functions, people, sites) or decisional levels and the actual measures of treatment and control complete the profile. This takes to the expression of the:
- gross profile: the level of exposure to the events without any measure of treatment;
- net profile: the level of exposure, according to the measures of treatment in place (if effective or not);
- net future profile: the level of exposure surveyed after all the measures of treatment are implemented.
The definition of the risk appetite is a key outcome of the assessment process: on the one hand it is appropriate to draft it before the risk identification (where the level of accuracy of analysis can also depend on the risk appetite itself), on the other it is absolutely necessary to fix it before taking any decision about the treatment.
In any case, the risk appetite presents two different dimensions according to the scope of analysis:
- threat: the threshold level of exposure considered acceptable by the organization and justifiable in terms of costs or other performance;
- opportunity: what the organization is willing to risk to achieve the benefits in analysis, compared with all the losses eventually arising from a failure.
The so defined risk appetite can be adjusted through the delegation of responsibilities, strengthening the capability of taking decisions at different levels according to cost dynamics.
- 1269 reads
