Having identified suitable risk assessment procedures and decided the benchmark test of significance for different classes of risks, it will then be possible to identify the appetite or attitude to that type of risk, together with the capacity of the organisation to withstand that risk. Finally, the organisation can determine the overall exposure to the particular type of risk under consideration.
Internal and external factors can give rise to risks. Figure 5 is based on the FIRM Risk Scorecard risk classification system and it provides examples of internal and external key risk drivers. Some risk classification systems have strategic risk as a separate category. However, the FIRM Risk Scorecard approach suggests that strategic (as well as tactical and operational) risks should be identified under all four headings.
Figure 5: Drivers of risk management
FINANCIAL RISKS ACCOUNTING STANDARDS INTEREST RATES FOREIGN EXCHANGE FUNDS AND CREDIT
INTERNAL CONTROL FRAUD HISTORICAL LIABILITIES INVESTMENTS CAPEX DECISIONS LIQUIDITY AND CASHFLOW
M&A ACTIVITY R&D ACTIVITIES INTELLECTUAL PROPERTY CONTRACTS
ECONOMIC ENVIRONMENT TECHNOLOGY DEVELOPMENTS COMPETITION CUSTOMER DEMAND REGULATORY REQUIREMENTS
MARKETPLACE RISKS
14
INFRASTRUCTURE RISKS COMMUNICATIONS TRANSPORT LINKS SUPPLY CHAIN TERRORISM NATURAL DISASTERS PANDEMIC RECRUITMENT PEOPLE SKILLS HEALTH AND SAFETY PREMISES IT SYSTEMS
BRAND EXTENSIONS BOARD COMPOSITION CONTROL ENVIRONMENT
PRODUCT RECALL CSR PUBLIC PERCEPTION REGULATOR ENFORCEMENT COMPETITOR BEHAVIOUR
REPUTATIONAL RISKS
A structured approach to Enterprise Risk Management