HOPEX Enterprise Risk Management > Introduction to HOPEX Enterprise Risk Management > Risk Management Process
Risk Management Process
 
Identifying, analyzing and contextualizing risks
Assessing Risks
Remediating Risks
Associated with all HOPEX Suite products, HOPEX Enterprise Risk Management enables identification, assessment and remediation of risks.
Identifying, analyzing and contextualizing risks
The aim of risk analysis is to obtain a good understanding of risks. Risk analysis must take risk sources into account as well as positive or negative risk consequences.
The analysis phase associates a risk with:
risk types
risk factors (or causes)
consequences
objectives
Contextualization of a risk enables risk classification by:
on the one hand their type
on the other the objects to which they relate
The same risk can relate to several component types:
an entity
a process
a business line
a site.
Assessing Risks
After having identified and analyzed the risks faced by the enterprise, the next step is to estimate their importance so as to highlight the most important risks to be remediated.
It is particularly important to identify risk causes so that the risks themselves will be treated and not just their symptoms.
Risks are assessed taking into account:
their occurrence frequency
their impact
This assessment will serve as the basis for determining how the risks will be managed.
Standard reports are supplied to simplify risk assessment. For more details, see HOPEX Enterprise Risk Management Reports.
Two possibilities are proposed:
Direct assessment, which allows an expert to specify global assessment of a risk on a given date,
Assessment by campaign, which enables precise assessment of your risks by entity from standard questionnaires.
Remediating Risks
Remediating risks involves:
identification of the various options possible
assessment of these options
preparation and implementation of remediation plans.
The design of risk remediation measures should be based on a perfect understanding of the risks concerned; this understanding is obtained from an appropriate level of risk analysis.
It is not generally profitable, or indeed desirable, to implement all possible risk remediations. It is however necessary to select and implement a combination of the most appropriate of these.
Risk assessment is therefore an essential step in obtaining a list of risks requiring remediation, indicating their priority.