Please enable JavaScript.

Coggle requires JavaScript to display documents.

Categorising risk - Coggle Diagram

- - - - Preventable risks
        
        Internal risks faced by organisations that are contrallable
        
        Ideally, organisations should look to entirely eliminate or avoid such risks
        
        An organisation may choose to have tolerance levels for risks that cannot be managed at a 100% elimination rate as the high cost might outweigh the incremental benefit
        
        Best maanaged through active prevention: monitoring risk activities and guiding human behaviour within an organisation
      - Strategy risk
        
        Assumed by organisations willingly in order to gain a competitive advantage and to achieve their objectives
        
        Eg
        
        Credit risk
        
        R&D risk
        
        Risks associated with merging two organisations
        
        Undertaking a major change project
        
        Not explicitly undesirable and cannot be managed via rules based control model
        
        Best managed through a framework designed to minimise the actual materialisation of risks and to enhance the overall organisational ability to contain and respond to such risks should they occur
      - External risks
        
        Risks external to an orgaisation and are beyond its influence or control
        
        Best managed through identification and mitigation actions. An organisation may manage the impact of external risk events through effective business continuity and contingency planning programmes.
  - - - Commerical
        
        Risks arising from weaknesses in the management of commercial partnerships, supply chains and contract requirements resulting in poor performance, inefficiency, poor value for money, fraud and/or failure to meet business requirements/objectives
      - Strategy
        
        Risks arising from identifying and pursuing a strategy that is poorly defined, is based on flawed or inaccurate data or fails to support the delivery of commitments, plans or objectives due to a changing macro environment
    - - Financial
        
        Risks arising from not managing finances in accordances with requirements and financial constraints resulting in poor returns from investments, failure to manage assets/liabilities or to obtain value for money from the resources deployed and/or non compliant financial reporting
    - - Governance
        
        Risks arising from unclear plans, priorities, authorities and accountabilities, and/or ineffective or disproportionate oversight of decision making and/or performance
      - Information
        
        Risks arising from a failure to produce robust, suitable and appropriate data/information and to exploit data/infomration to its full potential
      - Legal
        
        Risks arising from a defective transaction, a claim being made or some other legal event occurring that results in a liability or other loss or a failure to take appropriate measures to meet legal or regulatory requirements to to protect assets
      - Operations
        
        Risks arising from inadequate, poorly designed or ineffective/ineficent internal processes resulting in fraud, error, impaired customer service (quality and/or quantity of service), non-compliance and or/poor value for money
      - People
        
        Risks arising from ineffective leadership and engagement, suboptimal culture, inappropriate behaviours, the unavailability of sufficient capacity and capability, industrial action and/or non compliance with relevant employment legilsation/HR policies resulting in negative impact on performance
      - Property
        
        Risks arising from property deficiencies or poorly designed or ineffective/inefficient safety management resulting in non-compliance and/or harm and suffering to employees, contractors, service users or the public
      - Security
        
        Risks arising from a failure to prevent unauthorised and/or inappropriate access to the estate and information, including cyber security and non compliance with GDPR
    - - Project
        
        Risks that change programmes and projects are not aligned with strategic priorities and do not successfully and safely deliver requirements and intended benefits to time, cost and quality
    - - Risks arising from adverse events, including ethical violations, a lack of sustainability, systemic or repeated failures or poor quality or a lack of innovation, leading to damages to reputation and o destruction of trust and relations