Risk Management Step 2 - Categorize Risk
After you have completed a Risk Profile of your organization, the next step in risk management is to categorize your risks. Risks are categorized into four areas according to significance and probability:
Significance to the Organization |
Probability Risk will Occur |
Basic Approach to Risk Management |
HIGH |
HIGH |
Try to avoid these types of risks |
LOW |
HIGH |
Implement procedures to reduce these risks |
HIGH |
LOW |
Transfer these risks using insurance |
LOW |
LOW |
Accept these risks as normal operations |
Now that you have categorized your risks, you can implement a formal risk management program. If you have risks that will materially impact your organization and there is a high probability of occurrence, than you want to take steps to avoid these types of risks. For example, some Japanese manufacturers have incurred significant losses from foreign currency exchanges with the United States . In order to avoid these risks, manufacturing operations have been transferred over to the United States .
Some risks are likely to occur, but have little impact on your overall operations. For example, employee injuries are common, but rarely do they result in significant losses. A worker safety program can reduce this type of risk. You can use insurance for risks that are significant, but rare in occurrence. Finally, if you have risks that are not material and infrequent, you will implement a risk retention program; i.e. you will accept these types of risks. Most companies calculate an assigned value to this last category to determine their overall exposure. One final point: Since risks will change over time, you will need to go through this process on a regular basis.
Written by: Matt H. Evans, CPA, CMA, CFM | Email: matt@exinfm.com | Phone: 1-877-807-8756