Chapter 4
Risk Identification
The dangers of life are infinite, and among them is safety.
Goethe
Once an ERM framework is chosen, and after at least some basic risk governance is established, the four-step ERM process can begin. Risk identification is the first step in this process, which, as discussed in Chapter 2, is a continuous, evolving, and integrated process.
Components of Risk Identification
There are three components to the risk identification ERM process step, as performed using the value-based ERM approach:
1. Risk categorization and definition
2. Qualitative risk assessment
3. Emerging risk identification
The first time these three components are conducted, they must be performed in the order shown, because the outcome of each preceding component is used as input into the following one.
Before we discuss these three components, we will discuss the five keys to successful risk identification.
Five Keys to Successful Risk Identification
Many companies have at least begun the ERM process and have at least completed the first step in the ERM process cycle—risk identification. Therefore, many believe that common practices in risk identification are, by now, best practices, and that this step is fairly straightforward. Unfortunately, quite the contrary is true. There are several aspects of risk identification that are still routinely performed in a suboptimal way. Not only does this hamper the risk identification process step, but it also significantly impacts the quality ...
