Risk Management steps
Associated with HOPEX Business Process Analysis, HOPEX Risk Mapper is used to assess risks, mitigate them, and finally control them through an effective control policy.
The recommended risk management process is therefore composed of the following steps:
Analyzing the environment
The risk management context includes the internal environment and the external environment.
• The external environment mainly refers to compliance frameworks and external org-units.
• The internal environment describes the organization.
Identifying, analyzing and assessing risks
It is necessary to identify the risks concerned, then analyze and assess them to get the elements required for their treatment.
Identifying risks
Several risk identification methods exist, depending on the context:
• Method based on organization objectives achievement
• Method based on lists of risk types, risk factors or control types applied to a risk occurrence context
• Method based on historical data (databases of incidents, claims, faults, etc.)
Analyzing Risks
This consists of completing the identification of each risk by precisely indicating what could occur, where, when, why, and how this could occur. This analysis could reveal new risks that were not directly identified in the previous step.
Assessing Risks
After having identified and analyzed the risks faced by the enterprise, the next step is to estimate their importance so as to highlight the most important risks to be addressed.
Risks are assessed taking into account:
• their occurrence
• their impact
Remediating Risks
The acceptable level for each risk is defined based on previous evaluations.
Remediating risks involves:
• identification of the various options possible
• assessment of these options
• preparation and implementation of remediation plans
Risk Control Monitoring and Policy
Policies and procedures are established and implemented to help ensure that risk responses are effectively carried out.
Monitoring is accomplished through ongoing management activities or independent assessments, or both.
Information and communication
Relevant information is identified, collected, and communicated in a form and timeframe that enable collaborators to carry out their responsibilities. Effective communication should also occur in a broader sense, flowing downwards, across, and upwards in the entity.
Communication and consultation are important considerations at each step of the risk management process. They should involve dialog with stakeholders with efforts focused on consultation rather than a one-way flow of information from the decision-maker to other stakeholders.