Any event whose occurrence, within a defined time horizon, would disrupt the achievement of the expected objectives. It is characterized by the triptych [peril-resource-consequence]. Indeed it is about the possibility that a danger affects a resource of the organization in a given process, and produces consequences on the achievement of the objectives.
A pure risk results in an alteration of the assets and value poles. Speculative risk is linked to the decision-making process and can have negative or positive consequences.
It is a rigorous and iterative management approach, integrated within each activity of the organization and which consists in identifying the risks, evaluating them, choosing the possible treatment options, monitoring and managing these risks within the limits established tolerances, communicating the results to the concerned parties and monitor the effectiveness of the overall management system.
Better control of operations, securing of keys assets, Better allocation of resources, Reduction of the volatility of results, Improvement of perception, Reliability of financial and operational information, Reinforcement of compliance with applicable laws and regulations, Reinforcement of compliance with top management directives, Reduction of dissuasive effects linked to decision-making, Better management of contingent activities…
It is defined as a tolerance limit beyond which the company could not accept risk. Risk appetite can be expressed in quantitative or qualitative terms. It can be general in the sense that it is expressed through an overall level of losses that the company cannot tolerate over a given period, or specific in the sense that it is defined by nature of risk through indicators. Compliance with risk appetite guarantees the achievement of objectives.
Risk governance enables Risk Management to be implemented following the interests of shareholders and other stakeholders. It also guarantees a proper distribution of roles and responsibilities in risk management.
The Risk Manager is the one who can apprehend, in a global and integrated manner, the risks to which his entity is exposed from the technical, organizational, cognitive, and cultural angles.
A process of identifying, describing, prioritizing, and representing the risks of an organization, carried out periodically. It takes the form of an inventory, a matrix, and risk sheets.
Reducing risk means reducing its components, namely frequency, and severity. To reduce the frequency, it is necessary to act on the causes. This is what we call prevention. To reduce the severity, it is necessary to act on the consequences or, in other words, to make protection.
Transferring a risk means sharing its consequences with one or more other parties. Transferring a risk does not mean eliminating it. This transfer may take the form of sharing it with another organization or recourse to the financial market. The risks most often transferred are those whose criticalities are above the established tolerance thresholds and for which the reduction costs would be higher than the transfer costs.