Risk Management Step 2 - Categorize Risk

After you have completed a Risk Profile of your organization, the next step in risk management is to categorize your risks. Risks are categorized into four areas according to significance and probability:

Significance to the Organization
Probability Risk will Occur
Basic Approach to Risk Management
HIGH
HIGH
Try to avoid these types of risks
LOW
HIGH
Implement procedures to reduce these risks
HIGH
LOW
Transfer these risks using insurance
LOW
LOW
Accept these risks as normal operations

Now that you have categorized your risks, you can implement a formal risk management program. If you have risks that will materially impact your organization and there is a high probability of occurrence, than you want to take steps to avoid these types of risks. For example, some Japanese manufacturers have incurred significant losses from foreign currency exchanges with the United States . In order to avoid these risks, manufacturing operations have been transferred over to the United States .

Some risks are likely to occur, but have little impact on your overall operations. For example, employee injuries are common, but rarely do they result in significant losses. A worker safety program can reduce this type of risk. You can use insurance for risks that are significant, but rare in occurrence. Finally, if you have risks that are not material and infrequent, you will implement a risk retention program; i.e. you will accept these types of risks. Most companies calculate an assigned value to this last category to determine their overall exposure. One final point: Since risks will change over time, you will need to go through this process on a regular basis.

Written by: Matt H. Evans, CPA, CMA, CFM | Email: matt@exinfm.com | Phone: 1-877-807-8756

Return to Listing of All Articles | Risk Management Profile | Share