Assess, analyse and evaluate risks
Overview
This standard is about assessing, analysing and evaluating risks in accordance with approved risk management policies and procedures. As part of assessment, the risk analysis covers identification, descriptions and estimation, followed by evaluation. It is appropriate for risk management and other professionals who are responsible for assessing, analysing and evaluating risks.
Performance criteria
You must be able to:
1. monitor the operational environment using appropriate data and identify internal and external risks to your organisation
2. assess risks and identify their potential impact and interdependencies, following agreed risk management policies and procedures
3. assist internal staff in identifying risks relevant to their roles and responsibilities
4. take account of risk perceptions, behaviours and biases when assessing, analysing and evaluating risks
5. use appropriate risk identification and analysis techniques in accordance with agreed risk management policies and procedures
6. evaluate the risks against established criteria to identify their significance
7. ensure risks and responsibilities are allocated in line with organisational procedures
8. establish appropriate controls for identified and emerging risks
9. ensure that risk assessment takes account of legal, regulatory and other compliance considerations
10. ensure that risk assessment takes account of ethical and social responsibility considerations
11. construct and use a risk register, in accordance with risk management policies and procedures
12. evaluate the risk register and review it on a regular basis, noting improvements and areas of non-compliance
Knowledge and Understanding
You need to know and understand:
1. your organisation’s aims, objectives and business plans
2. the structure of your organisation and its products and services
3. the culture of your organisation and the scope of risks associated with it
4. the current legal and regulatory requirements and standards that apply to risk management
5. the risk identification and analysis techniques relevant to your organisation and industry sector
6. the principles of good governance, environmental and social responsibility and ethical practice that apply to risk management
7. the concepts of risk management and risk awareness
8. the business environment and market within which your organisation operates
9. your organisation’s policies and procedures for risk management and supporting documentation
10. the types and sources of risk information
11. how to identify, categorise, describe, evaluate and prioritise risks
12. the methods of risk analysis and evaluation
13. how to identify interdependencies
14. the risk perceptions, behaviours and biases and how they affect risk management
15. the methods of statistical modelling and root cause analysis
16. the appropriate controls for different types of risks
17. the types of risk management software and other relevant tools
18. how to construct and use a risk register
19. why it is important to review the performance of risk register and review it regularly