Chapter 4

Risk Identification

The dangers of life are infinite, and among them is safety.


Once an ERM framework is chosen, and after at least some basic risk governance is established, the four-step ERM process can begin. Risk identification is the first step in this process, which, as discussed in Chapter 2, is a continuous, evolving, and integrated process.

Components of Risk Identification

There are three components to the risk identification ERM process step, as performed using the value-based ERM approach:

1. Risk categorization and definition

2. Qualitative risk assessment

3. Emerging risk identification

The first time these three components are conducted, they must be performed in the order shown, because the outcome of each preceding component is used as input into the following one.

Before we discuss these three components, we will discuss the five keys to successful risk identification.

Five Keys to Successful Risk Identification

Many companies have at least begun the ERM process and have at least completed the first step in the ERM process cycle—risk identification. Therefore, many believe that common practices in risk identification are, by now, best practices, and that this step is fairly straightforward. Unfortunately, quite the contrary is true. There are several aspects of risk identification that are still routinely performed in a suboptimal way. Not only does this hamper the risk identification process step, but it also significantly impacts the quality ...

Get Corporate Value of Enterprise Risk Management: The Next Step in Business Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.