Risk Identification

The risk identification process involves identifying and documenting all the risks that constitute potential loss exposures for the organization and affect the achievement of its strategic goals. Some risks may not adversely affect the organization and it is important to differentiate between negative risks and positive risks or opportunities. While exploiting, enhancing and sharing positive risks with significant upside potential may be important in some circumstances, the organization should never lose sight of the negative risks and potential threats. In order to drive accountability and leverage available expertise, leadership teams, risk management professionals, subject matter experts, front line staff closest to the risks and other key stakeholders need to be fully involved in the process. Risk identification should never be based on intuition, guesswork and opinions. In order to provide a solid basis for risk management, it is a good idea to categorize all potential sources of risk into risk domains. As illustrated below, there are many useful internal and external information sources that can be used to identify potential risks and document their characteristics.