The risk management process
The main risks from the "Risk identification and assessment" phase must be analyzed in detail.
This analysis helps integrate the main risks. The company's governing body must come up with a reasonable strategy and define the necessary measures adapted to all of the risks.
Risk management process
The analysis must include the following elements:
- analysis of causes and effects,
- quantitative assessment, and/or
- qualitative assessment
Detailed analysis of the risks in three steps
Holding a meeting to analyze the main risks in detail ensures a uniform understanding of risk within the company and within each department/production center. The risks must be attributed to the people (risk managers) in charge of constantly monitoring them.
Risk management strategies should be developed and implemented for all of the main risks. These risks may be:
- accepted
- reduced
- avoided
- transferred
They should be monitored constantly so that changes may be accounted for. A combination of risk-management strategies is often used and implemented in the planning of measures.
Sample action plan
Source: KPMG Schweiz, Methodik zur Einführung eines Risikomanagementsystems, 2008