Risk Assessment

The purpose of a risk assessment is to systematically identify all of the risks associated with a task, activity or process, and put appropriate controls in place to eliminate or reduce the risks associated with that activity.

This entails breaking the activity down into separate components and ascertaining all of the risks associated with each component of the activity. Once the risks are identified you then assess the level of risk, to determine its priority. According to the level of risk and hence the priority, you decide on what controls you can put in place to eliminate or reduce the risk. Obviously something with a high level of risk is a greater priority and may need to have more complex controls in place. In many circumstances, you will find that it is impossible to totally eliminate the risk.

The degree of risk that remains after you have implemented controls is referred to as residual risk. If you find that the residual risks are too high (ie you just can’t put controls in place that reduce the risk), you may have to abandon the activity or think of other controls to put in place to reduce the risk. Best results will be achieved if the risk assessment is undertaken by more than one person, as this enables different views and perspectives, meaning that you are better able to identify all of the risks. It also means greater and more varied input on determining controls.