Risk evaluation and control involves the process of identifying, prioritising and managing the risks that an organisation faces. Cambridge Risk Solutions can assist with each stage of this process, bringing the benefit of an objective viewpoint and years of experience.
There are numerous sources of information on risks, including:
- The “UK National Risk Register”;
- “Community Risk Registers” for each area of the UK;
- Health, Safety and Environmental risk registers within your organisation;
- Annual Reports and Accounts from companies in your sector; and
- Media reports of incidents.
Having identified the risk to your organisation there are 4 fundamental responses to each risk, known as the “4 T’s”:
- Tolerate the risk as it is;
- Transfer the risk ie buy insurance to mitigate the financial losses
- Treat the risk ie take practical steps to reduce the likelihood of the event occurring and/or mitigate the impact if it should occur; or
- Terminate the activity that gives rise to the risk.
The budget available for risk management will never be sufficient to transfer or treat all the risks that face an organisation. Senior Management must therefore prioritise which risks they will actively address; methods for prioritising include:
- Probability and Impact tables;
- Monte-Carlo modelling; and
- The Precautionary Principle.
Remaining risks must either be tolerated or teminated.
Often the best-intentioned efforts at reducing a risk simply move the problem elsewhere. For example in the year after the wearing of crash helmets was made compulsory in the UK, there was an increase in motorcycling fatalities: the positive impact of reducing the specific risk of serious head injuries was offset by people riding more recklessly and therefore sustaining other fatal injuries. Care must always be taken that the method of risk treatment adopted does not unintentionally create new risks which may be harder to manage.
Follow the link to see a Risk Evaluation and Control case study.