O'Reilly logo

Operational Risk Management by Ariane Chapelle

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 1Risk Identification Tools

TOP‐DOWN AND BOTTOM‐UP RISK IDENTIFICATION

The most dangerous risks are those we ignore, as they can lead to nasty surprises. Before organizing risks in a register, it is important to identify the risks that are specific to your own business, not just those based on an external list, and then assess, mitigate and monitor them.

Risk identification in an organization should take place both top‐down, at senior management level, looking at the large exposures and threats to the business, and bottom‐up, at business process level, looking at local or specific vulnerabilities or inefficiencies. These procedures are different but complementary, and both are vital because it is not sufficient to have one without the other. My favorite analogy for top‐down and bottom‐up risk management is the crow's nest versus the engine room of a boat, both of which are necessary for a complete view of an organization (see Figure 1.1).

Picture of a boat depicting top-down and bottom-up risk management using the boat analogy.

FIGURE 1.1 Top‐down and bottom‐up risk management: the boat analogy

Top‐down risk analysis should be performed between one and four times a year, depending on the growth and development of the business and the level of associated risks. The aim is to identify key organizational risks, the major business threats that could jeopardize strategic objectives. Top‐down risk identification sessions will typically include senior risk owners, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required