Risk Identification

Risk Identification

Some tips for identifying risks include:

• Workshop the risks in the risk library one-by-one in round table discussion
• Obtain reasonable proof of assertions made by individuals, before treating them as facts
• Consider the history of losses at departmental level
• Make personal observations if practicable

Describing Risks

Each description should be a concise statement incorporating two parts:

• A description of the risk (eg: A key member of the faculty leaves with limited notice taking course notes)
• A description of the primary consequence (eg: business interruption and re-creation of course notes)

Approaches used to identify risks include checklists, judgments based on experience and records, flow charts, brainstorming, interviews, workshops, systems analysis and scenario analysis.

Risk Categories

The University has identified categories of risk that reflect its current environment. These are summarized diagrammatically below in Figure 2. These categories assist in risk identification and provide a basis for organizing and reporting findings. These categories may be subject to periodic review to ensure they continue to reflect the University's environment.

Risk will be rated according to estimates of likelihood, consequence and existing controls.

The objective of this analysis is to prioritize risks into relevant rating levels. This rating will be used to focus attention primarily on higher risks.

Although low and medium risks may not be subject to further risk management processes, it is important that they are documented and added to the risk profile to demonstrate the completeness of the risk analysis.