Professional Documents
Culture Documents
Risk management has come to be regarded as an essential element of good governance, and as an integral part of internal control.
Definition of risk
Risk can be defined as either: a threat to achieving corporate objectives or outcomes, or an opportunity to enhance or accelerate the achievement of corporate objectives. "The chance of something happening that will have an impact on business objectives." "Risk arises as much from failing to capture business opportunities as it does from a threat that something bad will happen."
Measuring Risk
Impact
The organisation would not survive Major impact on the achievement of the organisations business plan and the quality of its overall services
Likelihood
Certain Probable (likely to happen each year)
Probability
More than 80% 50% - 80%
Significant impact on the Possible (could success of the business happen in the and quality of its services next three years) Some impact on the organisations staff and minor effect on its clients Insignificant impact on the organisation or its staff Unlikely (may happen in the next five years) Remote
25% - 50%
5% - 25%
Less than 5%
Action
bottom up risk identification of significant issues at departmental level to ensure that staff are extensively involved in the process and risk management becomes an accepted dimension of planning top down strategic review of risks from the Board's perspective to ensure that all risks to achievement of corporate objectives are identified and action on most significant risks is prioritised.