STRAMA
WHAT IS RISK?

Oxford English Dictionary definition of risk is as follows: ‘a chance or possibility of danger, loss, injury or other adverse consequences’, and the definition of at risk is ‘exposed to danger’.

ORGANIZATION AND DEFINITION OF RISK

ISO Guide 73, ISO 31000 – Effect of uncertainty on objectives. Note that an effect may be positive, negative, or a deviation from the expected. Also, risk is often described by an event, a change in circumstances or a consequence.

Institute of Risk Management (IRM) – Risk is the combination of the probability of an event and its consequence. Consequences can range from positive to negative.

Orange Book from HM Treasury – Uncertainty of outcome, within a range of exposure, arising from a combination of the impact and the probability of potential events.

Institute of Internal Auditors – The uncertainty of an event occurring that could have an impact on the achievement of the objectives. Risk is measured in terms of consequences and likelihood.

RISK is an event with the ability to impact (inhibit, enhance, or cause doubt about) the effectiveness and efficiency of the core processes of an organization.

So, to understand risk, you first need a plan or objectives:

Certainty – where goals are clear and certain
Risky – where goals are clear and risk events are known and analyzed
Uncertainty – where goals are clear and risk events can’t be analyzed
Ambiguity – where goals themselves are unclear

Risks can affect the world.
They can affect a country.
They can affect an organization.
They can affect a department.
They can affect a team.
They can affect a person.

LESSON: Risks can occur anywhere, anytime.

RISK DESCRIPTIONS

Name or title of risk
Statement of risk, including scope of risk and details of possible events and dependencies
Nature of risk, including details of the risk classification and timescale of potential impact
Stakeholders affected by the risk, both internal and external
Risk attitude, appetite, tolerance or limit for the risk
Likelihood and magnitude of event and consequences at current/residual level
Control standard required or target level of risk
Incident and loss experience
Existing control mechanisms and activities
Responsibility for developing risk strategy and policy
Potential for risk improvement and level of confidence in existing controls
Risk improvement recommendations and deadlines for implementation
Responsibility for implementing improvements
Responsibility for auditing risk compliance

ATTACHMENT OF RISK

RISK AND REWARD

Risk-tolerance – refers to the person being sensibly comfortable with most uncertainty, accepting the fact that it exists in life and projects. People with a risk-tolerant attitude tend to accept uncertainty without letting it have a major impact on their behavior.

Risk-neutral – refers to the person not being risk-averse or risk-seeking but rather seeking plans that have high future pay-offs. People with a risk-neutral attitude tend to focus on the

these events and contain the cost of the events.

Also called risk symptoms. They are indicators or warning signs of an imminent risk occurring. Various risks can have different risk triggers.

BOW TIE METHOD

A bow tie method is a visual way of understanding the impacts of a hazard, the risk it presents, the consequences and the controls that should be put in place.
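The bow tie described above, worked through as an added Python example (this is not code from the original notes). It models the standard bow tie layout, threats on the left leading to a top event and consequences on the right, with barriers (controls) on each pathway, and reports which pathways have no effective control; it also scores likelihood against magnitude in the IRM sense of probability combined with consequence, so a current/residual level can be compared with a target level. The hazard, pathways, barrier names and the 1-5 rating scale are all constructed assumptions.

```python
# Added example (not from the original notes): a small bow tie model that
# finds threat and consequence pathways with no effective control.
# The hazard, top event, threats, consequences and barriers below are
# constructed for illustration; the five-point likelihood/magnitude scale
# is an assumption, not something the notes specify.
from dataclasses import dataclass, field


@dataclass
class Barrier:
    """A control on one pathway. `effective` is False for a barrier that is
    documented but known to be failing (constructed attribute)."""
    name: str
    effective: bool = True


@dataclass
class Pathway:
    """A threat (left side of the bow tie) or a consequence (right side),
    together with the barriers placed on that pathway."""
    name: str
    barriers: list = field(default_factory=list)


@dataclass
class BowTie:
    hazard: str          # the source of harm
    top_event: str       # the knot: the moment control of the hazard is lost
    threats: list        # pathways that can lead to the top event
    consequences: list   # pathways that can follow from the top event


def uncontrolled(pathways):
    """Names of pathways that have no effective barrier at all."""
    return [p.name for p in pathways
            if not any(b.effective for b in p.barriers)]


def gaps(bow_tie):
    """Preventive gaps (left side) and mitigating gaps (right side)."""
    return {
        "preventive": uncontrolled(bow_tie.threats),
        "mitigating": uncontrolled(bow_tie.consequences),
    }


def risk_score(likelihood, magnitude):
    """IRM-style combination of probability and consequence; here the product
    of two 1-5 ratings (the scale is an assumption)."""
    for value in (likelihood, magnitude):
        if not 1 <= value <= 5:
            raise ValueError("ratings must be between 1 and 5")
    return likelihood * magnitude


def needs_improvement(current, target):
    """True when the current/residual score is above the target level of risk.
    Both arguments are (likelihood, magnitude) pairs."""
    return risk_score(*current) > risk_score(*target)


# Constructed sample bow tie for a web application holding customer records.
EXAMPLE = BowTie(
    hazard="Customer records stored by a web application",
    top_event="Unauthorized access to customer records",
    threats=[
        Pathway("Phished administrator credentials",
                [Barrier("Multi-factor authentication")]),
        Pathway("Unpatched web server software",
                [Barrier("Monthly patch cycle")]),
        Pathway("Misconfigured storage permissions"),  # no barrier at all
    ],
    consequences=[
        Pathway("Regulatory fine",
                [Barrier("Incident response and notification plan")]),
        Pathway("Customer data disclosure",
                [Barrier("Encryption at rest", effective=False)]),
    ],
)

if __name__ == "__main__":
    print(gaps(EXAMPLE))
    print("improvement needed:", needs_improvement((4, 5), (2, 5)))
```

Each name returned by gaps() maps directly onto a risk description entry: an uncontrolled threat or consequence is a "risk improvement recommendation" waiting for an owner and a deadline, and the current-versus-target comparison is the "control standard required or target level of risk" line made explicit.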
Strategy Implementation