Assessing risks
To control risks, you must be able to assess them. It is therefore necessary to identify and qualify the risks encountered in the execution of a business process. To do this, HOPEX Risk Mapper enables management of the risk concept.
A risk is a hazard of greater or lesser probability to which an organization is exposed.Enterprise is confronted with numerous risk types: financial, legal, ecological, IT, technical, commercial, contractual, etc. The decision to manage or not each risk can be based on criteria that include operational, technical, financial, legal, social and humanitarian considerations. These criteria reflect the context defined by the project. They often depend on an organization's internal policies, goals and objectives and the interests of stakeholders.
Risk evaluation and treatment methods must be chosen in compliance with project objectives and requirements. Risk determination and evaluation can combine several complementary approaches. These can be based on:
enterprise objective achievement application of predefined lists of risk types, risk factors or control types to their appearance context (process, activity, etc.).historical data (databases of incidents, claims, faults, etc.).In HOPEX Risk Mapper, there are different types of object linked to risks:
• Object types that could be at risk (for example: processe, operation, org_unit, etc.).
• Object types that enable processing of an incident or taking preventive measures (control, process).