2. Business risk assessment refers to the assessment of
risks and opportunities affecting the achievements of
the organizational goals and objectives.
Business risk assessed at three levels. Business risk
assessment at all three levels is essential to identify the
THREATS, OPPORTUNITIES and ALTERNATIVES for action
to achieve the organizational goal and objectives:
Strategic: guidance for a time period of 5 to 10 years
and assessment performed by senior management.
It is usually limited to assessment i.e. Identification,
Measurement and prioritization of risk.
2
3. Project/Program/Process: for current period of
organizational activity. Project manager or process owner
is responsible for initial assessment and monitoring or
may also share with an oversight committee.
It is a mixture/blend of risk assessment in the planning
phase and risk management in the implementation phase.
Operational: in everyday operations like health and safety
issues. This performed by supervisory level or by
individuals or work team tasked with a particular
management.
It is usually focuses on risk management i.e. standard
workplace risks and hazards have been already identified
in strategic process of assessment; the task is to manage
risk to get the job done.
3
4. Strategic Risk Assessment
1. Understanding of overall goals and objectives by
examining of fundamental documents and
classification of indentified goals and objectives into
SHORT, MEDIUM and LONG TERMS issues.
2. Choosing of strategic risks that are likely to be of
greatest importance:
◦ Operational risk is that entity will not meet its operational
goals and objectives.
◦ Fiscal risk is that deficiencies in expenditure control and
revenues will adversely affect agreed-up outcomes or
objectives.
◦ Reputation risk is that some action by the entity will impair
the ability to reach its goals and objectives.
◦ Other strategic risk, such as Policy, Regulatory etc.
4
5. 3. Definition of various important and relevant
environments and uncertainties:
◦ Political / Government
◦ Technological
◦ Legal and Regulatory
◦ Competitors
◦ Customers, Constituents and stakeholders
◦ Physical
◦ Markets
◦ Suppliers
◦ Economic/Financial
5
6. 4. Creation of series of matrices …… environments
(step 3) X identification based on time (step 1)
5. Using of various creative processes such as
brainstorming, imagine scenario of possible
threats and opportunities for each cell of matrix.
Thinking outside the box as much as possible.
6. Combining of the risk assessment for various
goals and objectives for each of the three time
horizon to get a composite strategic risk
assessment.
6
7. Project Risk Assessment
It uses a different method to identifying risk
and opportunity. The method can be one or
combination from the following:
◦ Exposure analysis based on assets involved
◦ Environmental analysis based on study of changes
◦ Threats scenario by exploring various narrative
scenarios under numbers of different conditions,
especially for catastrophic events and frauds
7
8. Observation or/and measurement of risk is a difficult
subject, therefore, risk factors are used that are either
observable or measurable characteristics of conditions
at risk.
A standard set of risk factors and criteria should be
established to measure and rank projects according to
their perceived risk.
Each project, program or process to be formally
assessed for risk should be scored by the project
initiator with the established risk factors based on
understanding of the project, program or process and
the perception of risk as described.
8
9. Procedure of Project Risk Assessment
◦ Identify Risk: use one or more methods to identify
risk i.e. Exposure, Environmental and/or Threat
analysis.
9
10. Measure Risk/Develop Alternatives:
◦ Read each factor and sub-criteria for familiarization with aim of
each.
◦ Consider the project, program or process using each of the
factors/criteria.
◦ Score each factor for the project, etc. on a scale of 1 to 5 (lowest
to highest) based on your subjective assessment of the
strength/weakness or presence/absence of the criteria.
◦ Sum the scores for the each factor and divide by the number of
factors to get the average score.
◦ High risk score are those with an average of 4.25 or more. Low
risk scores are those with an average score less than 2.25. These
are starting figures that can be adjusted for experience.
◦ Analyze high-risk areas and develop alternatives i.e. controls and
other risk management techniques, to deal with each of the high
risk components.
◦ Price out the alternatives and compare risk and cost.
10
11. Control design: choose the most cost-effective
controls within reasonable prudence and
organizational tolerance for accepting risk.
Risk Management: monitor risk and hazards,
making adjustments to the project plan as
necessary to meet changing conditions.
11
12. Operational Risk Management
Operational risk is the day to day mitigation of safety
and health risks of employees performing their jobs.
Operational risk also covers visitors and temporary
workers in the workplace and risk to general public due
to operations.
The focus of operational risk is on risk management.
Risk assessment usually done by a specialist involved in
workplace risk:
◦ Health Risk
◦ Safety Risk
◦ Environmental Risk
12