The identification of risks allows to acquire knowledge on possible future events, trying to measure the level of exposure of the organization. The target is to identify all the significant source of uncertainty in order to describe and proactively manage different scenarios. The identification is the first step to define the risk profile and the risk appetite of the organization.
This activity has to be repeated continuously and can be divided into two distinct stages:
- initial identification of risks: to be developed for organizations without a systematic approach to risk management. It is required to gather information on hazards and their possible evolutions;
- ongoing identification of risks: to update the risk profile of an organization and its relations, taking into account the generation of new risks or modifications to the already identified ones.
All the process mapping techniques are extremely useful to associate and connect risks with activities (Figure 7.3). The level of detail is determined by the necessity of identifying the specific impact associated with risks, of assigning responsibility of management and defining the subsequent actions to ensure control.
This can be developed with the support of external consultants or through a self-assessment which, if conducted with adequate methodological tools, provides a better awareness of the profile and an upgrade of the management system.
Among the others, the most common and widely used (successfully tested in other fields as for marketing and quality management) are:
- techniques of data collection and statistical analysis;
- techniques of problem finding and problem solving;
- SWOT analysis and Field Force;
- benchmarking with competitors or best in class.
- 1141 reads
