Risk management is a process, not an event.
We at Dott Risk follow the following risk management process:
- Define your world - The initial step is to understand your world and your attitude to risk and risk management. This involves a critical evaluation of your operating environment, your industry, your existing risk management practices and a simple SWOT analysis. This will also include the formal adoption of a risk management policy and framework, the appointment of a risk champion and the identification of a team to own the risk management process.
- Identify the risks - The second step in the process is then to identify the risks. While this includes a broad process of risk identification, a great deal of this can be accomplished by completing the Dott Risk assessments. This starts with the completion of Tell Us More followed by our General Assessment to identify the key risk areas. This assessment will guide you on your areas of weakness and recommend the more detailed assessments - primary and secondary, that will help you to identify your areas of vulnerability.
3.The third step in the process is to assess the potential impact of the various risks facing your organisation. This will be done by completing the recommended detailed assessments, documenting your findings and calculating the potential losses (by considering the probability and scope of the loss).
4. Handle the risks. The next steps are by far the most critical. These involve acting on and implementing feedback from the guides and the process of managing the identified risks within a framework (accepting them, passing them on, eliminating them or minimising them). This not only requires critical decisions on what levels of risk are acceptable, but also typically requires risk mitigation for the various risks to be documented and projects established, with clear accountability assigned to one or more individuals. While many projects to manage risk take time to fully implement, it is vital that these projects remain focused and that these risks are managed and recorded in a meaningful risk framework.
5. Review and report. It is vital that the senior management and owners of the business are given effective feedback on the risk management initiatives and that the risk policies and practices are reviewed and renewed on an ongoing basis.