g risks of machine breakdown delaying production Risk Identification In COSO

G risks of machine breakdown delaying production risk

This preview shows page 6 - 8 out of 11 pages.

operational level e.g., risks of machine breakdown delaying production. Risk Identification In COSO risk identification is a separate step from risk assessment while ISO treats risk identification as part of risk assessment. The purpose of risk identification is to find, recognize and describe risks (or opportunities) that might help or prevent an organization achieving its objectives. In identifying risk, it also necessary to determine the sources, causes and drivers of risks, as well as the nature and root cause of the risk. Sources of risk can include events, decisions, actions and processes, both favorable and unfavorable, as well as situations that are known to exist but where outcomes are uncertain. ISO recognizes that events and consequences can have multiple causes or causal chains, and risk can often only be controlled by modifying risk drivers. Risk Identification Techniques There are variety of techniques that companies may use in identifying risks. These are also the techniques you encountered in your TQM/Project Management subject. Workshops and interviews. Facilitator-led structured discussions to draw on the collective knowledge and experience of management, staff, and other stakeholders about events that may impact the achievement of entity or unit objectives. Event inventories/checklists. Detailed list of potential events common to companies within a particular industry or to a particular process or activity. Process flow analysis. Examines the combination of inputs, tasks, and responsibilities in a process; considered internal and external factors that affect inputs or activities within a process; identifies events that could impact the achievement of process objectives. Risk Analysis (Assessing the Severity of Risk)
Image of page 6
5/31/2020 MODULE 6. ENTERPRISE RISK MANAGEMENT 7/11 Severity means a measurement of considerations such as the likelihood and impact of events or the time it takes to recover from events. At this stage, identified risks are translated into impacts at all levels of an organization (e.g., entity, business unit, division or other functional level) in order to determine whether the identified risks are relevant. A risk is relevant if it could impact the achievement of an entity’s strategy or business objectives. Impact is the result or effect of a risk. Qualitative Techniques Risk analysis considers both the quantitative and qualitative impact and likelihood of a risk. Some quantitative and qualitative techniques are discussed in the succeeding paragraphs. Qualitative techniques are often used to assess risks which do not lend themselves to quantification, when sufficient reliable data is not readily available to use a quantitative model, or it is not cost- effective to obtain or analyze quantitative data. The most commonly used qualitative assessment techniques are interviews, cross-functional workshops, and surveys, benchmarking, even tree analysis.
Image of page 7
Image of page 8

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture