Corporate Risks
Corporate or business risks are the responsibility of the business directors or owners. Every board meeting should have an agenda item covering Governance, with a sub-item for Business Risks or those that are Operational or Service specific. Risk analysis does not identify static risks; risks change and develop based on internal and external factors. It is important that reviews are frequent to ensure the risk register is up to date and representative. Corporate risks should be reviewed quarterly as a minimum.
Business risks are not static and will change, and it is important that this is reflected in the risk register, along with mitigating actions and any changes or issues arising. The following is an example of a risk register. The main consideration with a risk register is the process undertaken and how risks are identified and reported. Every business needs to demonstrate that risks are not just identified but managed, which means mitigating actions.
| BUSINESS RISKS | ID | IMPACT | PROBABILITY | SCORE | STATUS | IDENTIFIED | LAST REVIEWED |
|---|---|---|---|---|---|---|---|
| Poor Governance | 0001 | HIGH | MEDIUM | 15 | AMBER | 01/01/2010 | 14/08/2019 |
| Income/Revenue not forthcoming | 0002 | LOW - MEDIUM | LOW - MEDIUM | 4 | GREEN | 01/01/2010 | 14/08/2019 |
Scoring Risks
It is important that risks are scored and tracked, demonstrating reduction in probability or impact through mitigating actions as agreed with the board of directors.
- Low Probability or Impact
- Low/Medium Probability or Impact
- Medium Probability or Impact
- Medium/High Probability or Impact
- High Probability or Impact
Traffic Lights
Make the risk register more visual by using Red, Amber and Green, based on Impact multiplied by Probability.