Risk Statement

Providing an accurate picture of risk is a critical element of risk management. It is achieved by documenting risk statements, which should describe the event and its impact, and may also include the driver for the event.

Figure 1: Risk = Uncertain Event + Driver + Impact

Sample Risk Statements:

A. If (threat event) occurs, the consequences could result in (negative impact)

  • Example: (Lack of alignment between business strategy and IT strategies) may lead to (underachievement of business outcomes)

  • Example: (Inadequate governance over software asset management) could result in (sub-optimal software usage, inability to control costs and successfully negotiate/re-negotiate software contracts)

B. If (threat event) occurs due to (driver), the consequences could result in (negative impact)

  • Example: (Significant delays in delivering digital projects) due to (lack of skilled resources) may leave the organization (unable to achieve digital objectives)

C. If (opportunity event) occurs, the consequences could result in (positive impact)

  • Example: (Implementation of new public cloud data centers in the region) can bring (benefits of cloud computing to the organization)

D. If (opportunity event) occurs due to (driver), the consequences could result in (positive impact)

  • Example: (A successful hackathon event) due to (the participation of universities) can (build a bridge to the developer community)
