of the risk identification process is to generate a comprehensive
list of risks that might affect the University's objectives and
operations. These risks are then considered in more detail, to
identify their potential consequence.
Some tips for identifying risks include:
- Workshop the risks in the risk library one-by-one in round
- Obtain reasonable proof of assertions made by individuals,
before treating them as facts
- Consider the history of losses at departmental level
- Make personal observations if practicable
Each description should be a concise statement incorporating two parts:
- A description of the risk (eg: A key member of the faculty leaves with
limited notice taking course notes)
- A description of the primary consequence (eg: business interruption
and re-creation of course notes)
Approaches used to identify risks include checklists, judgments based
on experience and records, flow charts, brainstorming, interviews,
workshops, systems analysis and scenario analysis.
The University has identified categories of risk that reflect its
current environment. These are summarized diagrammatically below
in Figure 2. These categories assist in risk identification and
provide a basis for organizing and reporting findings. These categories
be subject to periodic review to ensure they continue to reflect
the University's environment.
Risk will be rated according to estimates of likelihood, consequence and
The objective of this analysis is to prioritize risks into relevant rating
levels. This rating will be used to focus attention primarily on
Although low and medium risks may not be subject to further risk management
processes, it is important that they are documented and added to
the risk profile to demonstrate the completeness of the risk analysis.
|Interruption to Research