What are the Different Types of Risk?
There exist over eighty Enterprise Risk frameworks and a significant number of definitions of Risk. One of the more popular frameworks is the Casualty Actuarial Society model, which conceptualised Enterprise Risk Management as continuing across the two dimensions of Risk Type and Risk Management Processes.
The most commonly defined Risk Types are:
Financial Risk - Which would include Currency Risk, Counter Party Risk, Pricing Risk, Asset Risk, Liquidity Risk
Operational Risk - Which would include Reputational Risk, Customer satisfaction, Product failure, Supply Chain Risk
Hazard Risk - Which would include Natural Disasters, Hazardous Materials, Liability Torts, Property Injury
Strategic Risks - Which would include Social Trends, Competitive Responses, Capital Availability, Market Analysis
The Risk Management processes would include the identification of and response to the following:
Establish Context - Make sure management understands the current environment under which the organisation operates, including understanding internal and external Risk Types.
Risk Identification - Management should document their understanding of the Risks to the organisation and the impact of each Risk on the organisation meeting its objectives.
Quantifying Risks - Once Risks have been identified, the organisation should conduct a probability analysis of material risks and likely outcomes, with the goal of prioritising Risk response.
Integrating Risks - This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organisation's key performance metrics.
Prioritising Risks - By prioritising the organisation's Risks, management can calculate the overall Risk Profile by determining the contribution of each Risk to the overall profile.
Risk Response - Once the Risk is understood and the Risk Profile has been calculated, the organisation can implement appropriate controls to minimise Risk to the organisation's objectives.
Response Review - Responses to Risk should be measured and monitored to ensure outcomes are supporting the organisation's objectives.
Another popular framework for Enterprise Risk Management comes from The Committee of Sponsoring Organizations (COSO) of The Treadway Committee. The COSO framework defines ERM as a systematic, integrated approach for identifying Risk to the organisation. It obligates the board to identify, evaluate and mitigate corporate Risk via an integrated framework.
Enterprise Risk has always been part of corporate strategy; the COSO framework formalises this posture.
Organisations of all sizes need robust, reliable systems to control Risks within the environment they operate.
The COSO ERM Framework defines five types of Risks, which include the following:
Opportunities - A circumstance that can provide a positive outcome towards the organisational objectives.
Killer Risks - An outcome that, if it occurred, would jeopardise the organisation's continued operations.
Other Perils - A circumstance likely to lead to a significant loss or movement away from the organisation's objectives.
Cross Functional Risks - Often referred to as "Common Risks", these lead to loss to the organisation and dent its movement towards its objectives.
Business Process Unique Risk - Risks limited to a specific business process that might impact the production of a product or service.
Opportunities should be fully exploited to the organisation's benefit; failing to do so risks competitive growth, to the detriment of the organisation's objectives.
Killer Risks should be identified and closely monitored by senior team members to ensure mitigation plans are effective and operational controls are in place.
The Other Perils should be identified and assigned appropriate team members as owners of the identified Risk, with a level of reporting and mitigation that meets the organisation's Risk posture.
The COSO framework has eight parts and four objectives classes. The eight parts are documented below:
Information and Communication
The four objectives classes are documented below:
Strategy - high-level goals, aligned with and supporting the organization's mission
Operations - effective and economical use of resources
Financial Reporting - reliability of operational and financial reporting
Compliance - compliance with applicable laws and rules