Risk, factors and consequences
The aim of risk analysis is to obtain a good understanding of risks.
Analysis of the risk should take into account:
• risk causes
• positive or negative risk consequences
The risk analysis phase associates a risk with:
• risk types
• risk factors
• consequences
• other risks
To analyze a risk:
1. Select a risk and open its properties.
2. In the Characteristics tab, expand the Analysis section.
A risk is characterized by:
A risk type defines a risk typology standardized within the context of an organization.A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several Risks can originate from a same Risk Factor Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…A risk consequence can be positive or negative. It is associated with a type, which enables its characterization, for example: image, environment, employees.• Related Risks
• Incidents
An incident is an event occurrence, internal or external, that has an impact on the organization. It is the basic element for collection of data concerning operational risk.Risk types
A risk type defines a risk typology standardized within the context of an organization.
A risk type enables risk characterization. For example, a risk type can be regulatory, legal, technical, etc.
To create your own risk types:
1. In the navigation menu, click My Environment > Risk Environment > All Risk Types.
2. In the pop-up menu of the "Risk Type" folder, select New.
3. Enter the name of the risk type and click OK.
The new risk type appears in the navigator menu tree.
Similarly, you can create a sub-risk type from a risk type.Risk factors
Many risk factors are defined within the framework of international, national or inter-professional regulations, or within the enterprise itself.
A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several Risks can originate from a same Risk Factor Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…With each risk, you can associate one or more risk factors, sources of risks that have intrinsic potential to endanger organization operation. For example, dangerous chemical products, competitors, governments, etc.
Risk consequences
To define consequences associated with a risk:
In the risk page, Analysis section, Risk Consequences tab, click New.The consequence creation page appears.
Since a risk consequence can relate only to a single risk, the Risk field is already entered with the current risk.The consequence created appears in the list of consequences associated with the risk.
RACI on a risk
A risk properties page includes an RACI section to define the different persons responsible for risk management. For more details, see .
Risk Dashboard
A number of indicators are available in the Characteristics page of risk properties.
• Assessment Freshness: elapsed time (number of months) since the last assessment (either direct assessment or through campaigns)
This is an indicator of how often a risk is assessed. This can be useful when it comes to decide when to perform the next assessment.• Aggregated Net Risk: value of aggregated net risk computed from all assessments.
• Open incidents: number of incidents corresponding to risks having a status other than “closed”.
See the “Collecting Incidents” section of the HOPEX LDC guide for more details on incidents.• Next year Forecast: represents the net risk forecast for the year to come. It presents the average of net risk.