Our consultants and instructors are internationally recognized experts in risk assessments, risk management systems, PSM, and loss prevention. They are among the very best in the field because they combine complete theoretical understanding of their topic with the experience that is necessary to discriminate between something that works only in theory and something that works in practice.
Introduction:
A risk assessment is a form of strategic planning and strategy methodology. The process attempts to think about the future by reflecting on the past. Most strategies are built upon specific beliefs about the future unfortunately, the future is unpredictable. The worst risk assessment is the one that denies the reality of unpredictability. Zero ideology and language help foster the denial of unpredictability.
The best risk assessment is the one that prepares and focuses on resilience. Adopting a framework that assumes absolute control, no mistakes, projecting value onto some score, colour or measurement creates a strategy that makes it more difficult to adapt when turbulence or change arrives. The key to managing risk is not fixity but adaptability.
What are Industry Risk Profiles?
Industry risk profiles are aggregations of industry participant perspectives of risk exposures, created using a standard structure to facilitate comparability. The profiles thus depict common areas of concern and can be used by individual firms to compare their own perceptions of risk exposure against those of the industry.
Risk Business provides the industry risk profiles at both “organisation” level, which is representative of a firm overall, and at either “business line” or “product or service group” level, which represents more granular breakdown of exposure by common business areas (such as retail banking, insurance broking, central banking, etc) or for specific groups of product or service offerings (such as credit cards, currency trading, life assurance, etc). Industry Risk Profiles are also available by industry and geographic area.
What is the “standard structure”?
Risk Profile Structure
he standard structure allows for the impact of specific forms of risks, broken down by risk type and within risk type by specific risk categories (shown on the top axis of the adjacent diagram), onto the various business processes or functions (shown on the left-hand axis), as employed for a specific product or service type (shown as the right-hand dimension of the diagram). The impact is essentially measured at and referred to as a “risk point”.
Business line structures are created by aggregating the set of product and service group risk profiles which make up a specific business line, while the organisation risk profiles are created either from specific risk profiles created at organisational level or by aggregating business line risk profiles.
Where does the data come from?
The initial risk profiles were developed as part of establishing the financial services industry’s KRI Library, where more than 100 banks and over 25 insurers contributed risk profiles for use in identifying where key risk indicators (or KRIs) are needed within the average firm.
More recent versions of the industry risk profiles now include risk profiles provided by other Risk Business clients, by new participants in the KRI Library and from public forum workshops facilitated by Risk Business specifically for this purpose.
How often are the Industry Risk Profiles updated?
There is no predefined frequency or schedule for revising the existing published Industry Risk Profiles, rather as and when there are a reasonable number of new or revised risk profiles available for inclusion, revised profiles are developed and then published.
Is there a risk of identifying whose data is included?
Firstly, the individual input risk profiles typically reflect a general perspective of a firm’s view of its exposure, at product or service level, at business line level or overall for the firm as a whole. Secondly, during the process of risk profile aggregation, the individual identities are removed and no links back to the source risk profiles are available. Lastly, unless there are a pre-defined minimum number of data sources, no public Industry Risk Profiles are published.
Mapping to the Industry Risk Profiles
The dimensions used to form the Industry Risk Profiles come from the Risk Business Taxonomy Service, an online encyclopaedia of classification hierarchies which support firms creating and documenting their own taxonomies (either from scratch or based off one of the supported industry taxonomies), then mapping their taxonomy to the one used for the Industry Risk Profiles. When used in conjunction with the Risk Business Risk Profiling Service, this allows a firm to convert its own risk and control assessment data and/or internal loss data into equivalent risk profiles (or loss profiles) which can then be directly compared to the Industry Risk Profiles.
Sample Organisation Level Risk Profile:
What can the Industry Risk Profiles are used for?
There are many different uses for the Industry Risk Profiles, including but not limited to:
- Facilitating the comparison of the firm’s own view on exposures to that of the industry, thereby assessing the compatibility of exposure views and allowing the firm to question why it sees exposures in areas where the industry does not or why it does not see exposures where the industry does;
- Providing a benchmark for new business areas, new product or service types or new geographic regions, thereby allowing the firm a better understanding of potential changes to its risk profile from entering into such new activity;
- A training tool for staff, allowing them to explore where and how risk can manifest itself; and
- A base mechanism from which to explore other industry data sets, such as the KRI Library, the Risk Business Scenario Library, or the Risk Business Public Loss Data Service and its associated Newsflashes, while employing the same standard structure to understand the interaction of risk, process and product or service.
A risk assessment is a form of strategic planning and strategy methodology. The process attempts to think about the future by reflecting on the past. Most strategies are built upon specific beliefs about the future unfortunately, the future is unpredictable. The worst risk assessment is the one that denies the reality of unpredictability. Zero ideology and language help foster the denial of unpredictability.
The best risk assessment is the one that prepares and focuses on resilience. Adopting a framework that assumes absolute control, no mistakes, projecting value onto some score, colour or measurement creates a strategy that makes it more difficult to adapt when turbulence or change arrives. The key to managing risk is not fixity but adaptability.
Risk assessment tips
The risk management process consists of hazard identification, risk assessment and hazard control. Some people tend to get fixated on the risk assessment part and do not place enough emphasis on hazard control. Personally I find Haddon’s 10 counter measures more useful than the hierarchy of controls when developing controls
Risk assessment is the cornerstone of many organisations approach to OHS. The reality is that it can be a very subjective process and an over-concentration on risk scores can mislead badly.
The traditional wisdom for simple risk assessments is to use a matrix consisting of Probability and Consequence or Probability, Consequence and Exposure. I prefer the latter method developed by Fine.
The following tips are given to improve the efficiency of the risk assessment process-
- Replicate the situation you are assessing as accurately as possible
- Use a team approach, about 5 people seems a workable number
- Ensure team members are highly experienced in the risks being assessed.
- Reality check the risk assessment with the workforce
- Ensure team members are trained in risk assessment
- Have developed risk assessments reviewed by an appropriately qualified and experienced, objective third party
