Risk Environment
To analyze a risk, it is necessary to take into account all the elements of the environment.
Describing Risk Environment
To describe the objects which make up the environment of a risk:
In the HOPEX IRM desktop, click Environment > Environment > Risks.You can define:
• Risk Types
A risk type defines a risk typology standardized within the context of an organization.• Risk factors
A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several Risks can originate from a same Risk Factor Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…• Risk consequences
A risk consequence can be positive or negative. It is associated with a type, which enables its characterization, for example: image, environment, employees.Defining the Environment of a Specific Risk
To define the environment for a specific risk:
In the Characteristics page of the property window of a risk, expand the Analysis section.A risk is characterized by:
• Risk types
A risk type defines a risk typology standardized within the context of an organization.• Risk factors
A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several Risks can originate from a same Risk Factor Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…• Risk consequences
A risk consequence can be positive or negative. It is associated with a type, which enables its characterization, for example: image, environment, employees.• Incidents
An incident is an event occurrence, internal or external, that has an impact on the organization. It is the basic element for collection of data concerning operational risk.• Control systems
A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, respect a law or regulation, or work towards achievement of an objective as defined by company strategy. Examples: quality control system, management control system, internal audit system.• Associated Risks
Risk types
A risk type defines a risk typology standardized within the context of an organization.A risk type enables risk characterization. For example, a risk type can be regulatory, legal, technical, etc.
To create your own risk types:
1. In the HOPEX IRM desktop, click Environment > Risks > Risk types.
2. In the pop-up menu of the "Risk Type" folder, select New.
3. Enter the name of the risk type and click OK.
The new risk type appears in the navigator menu tree.
Similarly, you can create a sub-risk type from a risk type.Risk factors
Many risk factors are defined within the framework of international, national or inter-professional regulations, or within the enterprise itself.
A risk factor is an element which contributes to the occurrence of a risk or which triggers a risk. Several Risks can originate from a same Risk Factor Examples: the use of a hazardous chemical product, the complexity of an application, the size of a project, the number of involved parties, the use of a new technology, the lack of quality assurance, the lack of rigor in requirements definition…With each risk, you can associate one or more risk factors, sources of risks that have intrinsic potential to endanger organization operation. For example, dangerous chemical products, competitors, governments, etc.
Risk consequences
To define consequences associated with a risk:
In the risk page, Analysis section, Risk Consequences tab, click New.The consequence creation page appears.
Since a risk consequence can relate only to a single risk, the Risk field is already entered with the current risk.The consequence created appears in the list of consequences associated with the risk.