The risk management process involves the systematic application of policies, procedures, and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording, and reporting risk (Figure 56).
Figure 56. ISO 31000: 2018 Risk management process
8.2 Risk Identification The purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant, appropriate and up-to-date information is important in identifying risks (Standards Australia, 2018). The following factors and the relationships among these factors have been considered by this risk assessment: ∕ Tangible and intangible sources of risk; ∕ Causes and events; ∕ Threats and opportunities; ∕ Vulnerabilities and capabilities; ∕ Changes in the external and internal context; ∕ Indicators or emerging risks; ∕ The nature and value of assets and resources; ∕ Consequences and their impacts on objectives; ∕ Limitations of knowledge and reliability of information; ∕ Time-related factors; and ∕ Biases, assumptions, and beliefs of those involved.
Project number: 25B061
Page 204
Powered by FlippingBook