Risk assessment in practice
Risk assessment is all about measuring and prioritizing risks so that risk levels are managed within defined tolerance thresholds without being over-controlled or forgoing desirable opportunities. To accomplish this requires a risk assessment process that is practical, sustainable, easy to understand and right-sized for the enterprise.
Value is a function of risk and return. Every decision either increases, preserves, or erodes value. Given that risk is integral to the pursuit of value, strategic-minded enterprises do not strive to eliminate risk or even to minimize it, a perspective that represents a critical change from the traditional view of risk as something to avoid. Rather, these enterprises seek to manage risk exposures across all parts of their organizations so that, at any given time, they incur just enough of the right kinds of risk — no more, no less — to effectively pursue strategic goals.
This whitepaper, developed by Deloitte in collaboration with COSO, presents a process for developing a risk assessment criteria, assessing risks and risk interactions, as well as prioritizing risks. It also discusses how to actually put this process into practice in a simple, practical and easy to understand way.