BU353 Lecture Notes - Lecture 3: Risk Measure, Risk Assessment
Chapter 3: Risk Management Process
ISO 31000 is emerging as the international standard for risk management. It was designed to help all
organizations, whether private, public, or not-for-profit, better manage risk. It explicitly recognizes that
all activities of an organization involve risk, both positive and negative.
ISO 31000 Risk Management Process
1. Communication and consultation
2. Establishing the context
3. Risk assessment (including risk identification, risk analysis, and risk evaluation)
4. Risk treatment
5. Monitoring and review
1. Process begins with communication and consultation with both internal and external shareholders.
Effective communication/consultation will help to ensure that both those responsible for implementing
the risk management process and other stakeholders understand the basis on which decisions are being
made.
2. Consideration of both the external and internal contexts in which the rest of the risk management
process will take place. External factors that could impact risk include regulation, economic forces,
climate and natural disasters. Internal factors include corporate culture, expertise, resources and
financial strength. Goals and objectives must be defined.
The measurement of risk is expressed as risk criteria. For example, a commonly used risk measure for
financial risk is value at risk which is a measure of the risk of loss on a specific portfolio of financial
assets. For a given portfolio, probability and time horizon, VaR is defined as a threshold value such that
the probability that the loss on the portfolio over the given time horizon exceeds this value is the given
probability level.
Ex. The VaR may be set so the max market loss on a portfolio will remain under 10M 99% of the time.
Aother iportat aspect to defie is the orgaizatio’s risk appetite; the type and amount of risk the
organization is willing to accept in pursuit of its objectives.
3. Risk Assessment includes the following activities:
a) Risk identification
- determining where, when, why and how events could prevent, degrade,
delay or enhance the achievement of objectives
b) Risk analysis
- quantifying the likelihood and consequences of the risks, usually based on
the controls in place to reduce risk
c) Risk evaluation
- comparing the existing level of risk to the risk criteria established in
activity; if the existing level of risk is considered unacceptable, then risk
treatment is necessary
find more resources at oneclass.com
find more resources at oneclass.com
Document Summary
Iso 31000 is emerging as the international standard for risk management. It was designed to help all organizations, whether private, public, or not-for-profit, better manage risk. It explicitly recognizes that all activities of an organization involve risk, both positive and negative. Iso 31000 risk management process: communication and consultation, establishing the context, risk assessment (including risk identification, risk analysis, and risk evaluation, risk treatment, monitoring and review, process begins with communication and consultation with both internal and external shareholders. External factors that could impact risk include regulation, economic forces, climate and natural disasters. Internal factors include corporate culture, expertise, resources and financial strength. The measurement of risk is expressed as risk criteria. For example, a commonly used risk measure for financial risk is value at risk which is a measure of the risk of loss on a specific portfolio of financial assets.
