The Many Ways to Identify Risk

In 2001, a paper entitled Managing Risk in the New Economy was published by the AICPA. That paper identified the many different ways companies can identify their risks. These included:

  • Interviews
  • Questionnaires
  • Brainstorming
  • Self-assessment and other facilitated workshops
  • SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats)
  • Comparison with other organizations
  • Discussion with peers
  • Benchmarking
  • Risk consultants / risk SMEs
  • Checklists
  • Flowcharts
  • Scenario analysis
  • Value chain analysis
  • Business process analysis
  • Systems engineering
  • Process mapping
St. John's University graduate ERM Students in Silicon Alley discuss how they would identify the risks of an organization.

St. John's University graduate ERM Students in Silicon Alley discuss how they would identify the risks of an organization.

Since 2001 other sophisticated methods for identifying risks have emerged and it is important to get the right risks identified. As shown to the right, St. John’s University graduate ERM students in Silicon Alley get this. In one class exercise, the students discussed how they would identify the risks of an organization in addition to conducting interviews (Step 1 above).

ONE FINAL THOUGHT
It is enterprise risk management, not enterprise risk identification. Assuming the correct risks have been identified, it's the management of the risk that ultimately “creates, protects, and enhances shareholder value.”