Risk Management Cycle

Risk Management Lifecycle

figure 1: IT Risk Management Lifecycle
  1. Identify - the process of determining which risks, whether threats or opportunities, can potentially influence the realization of organizational business objectives. Providing an accurate picture of each risk through a Risk Statement is part of identification. Common methods of risk identification are: interviews, review of existing risks in the risk register, document reviews, brainstorming sessions, root cause analysis, etc.

  2. Assess - identify the probability and business impact inherent in the risk. Assessment of exposures for both threats and opportunities is done at this stage.

  3. Control - controls are specific measures to prevent the adverse effect of risks. Controls are identified at this stage.

  4. Reassess - the risks are reassessed once controls are in place.

  5. Respond - the gap between risk tolerance and residual risk is calculated to develop the risk response strategy.

  6. Monitor & Report - risks in the risk register should be regularly monitored and reported to senior management for their review and action.

The following diagram shows the lifecycle of a risk from a process perspective:

figure 2: risk process
