Risk Register as a Tool of Risk Management (I)
What is the role of risk register in preparation for potential risks? How the risk weight and impact should be calculated?
Posted: Mar 2012
Risk management is the part of regular activities of many companies. Since in every business and within every segment of activity there is a certain risk, the investment in risk management is justified.
If the risks are regularly defined, evaluated and followed by the adequate response plan, than the effects of possible negative events can be mitigated.
In order to be fully meaningful, the risk management need to have a structured approach. This structure requires a risk management team and risk register tool.
Risk Management Team
Risk management team should be the body of people from different departments from different fields of expertise. The team should deal with risks assessment periodically, as per need. This mean that risk team is not formal team of full time risk analysts. The team is gathered on special occasions e.g. large scale project, significant legislation changes, big market changes, company related crisis situations, etc.
The team should be summoned by risk manager, whose role is to coordinate with activities of the risk team. The risk manager should be appointed and report directly to general manager. The risk manager should be owner and in charge for maintaining the risk register.
The potential risks should be maintained in the risk register tool. The purpose of the risk register is to track risks, assess impact, create response and contingency plans and to assign responsibilities.
The most important aspect of the risk register tool is determination of the risk priority. Higher priority risk requires more attention, focus and resources. How is the risk weight assigned?
There are different variations of risk impact calculation and risk classification. Basically, the weight of the risk is the combination of likelihood, required time and potential cost in case of event appearance. The algorithm of calculation can be different. In this particular case the calculation is:
Risk Impact = ( Time + Cost ) x Likelihood
Since time and cost is closely related ( it is said that time = money ) they are summed and then multiplied by estimated probability of event appearance. The calculation can be based on different principle. But in essence, every calculation will give the priority of the risk. All risks should be ranked and addressed accordingly.
Every risk should have the responsible response team. Usually it should be more than one person. This means that one person can be accountable manager, the person who is the responsible person.
The other person should be risk owner, the person who deals with risk. In case of complex risks it is possible to appoint response plan owner additionally.
The risk management should be the regular tool for mitigating negative events that may appear. Without risk management the company would face a certain event in the moment of appearance, totally unprepared. With proper risk management planning company have more chance to fight the negative events of different origin.
Risk Register as a Tool of Risk Management
Risk Universe: People Assets
Risk Universe: Product and Marketing Assets
Risk Universe: Infrastructure Assets
Risk Universe: Information Assets
Risk Universe: Finance Assets