Risk Based Thinking|Plus IT

Risk-Based Thinking

By: Jorge Diéguez

Risk management in institutions (in the financial or real sector) has long ceased to be an issue related to occupational or financial risks and should now be seen as an entity-wide strategy providing a strong support for strategic decision making.

This change has been implemented by the emergence of a trend using Risk Based Thinking in management systems using legal frameworks or international standards such as ISO 31000. In this way, the new concept of risk is introduced at all levels and areas of the organisation.

The effect of uncertainty on the achievement of objectives

This conceptualisation provides a new approach to risk, as it is no longer labelled as something negative. If we look at the consequences we expect when we encounter or assume a risk, they can represent a positive value and can generate an "Opportunity". This is important to take into account when developing policies or methodologies for risk analysis and assessment or self-assessment.

Risk management is composed of a set of activities developed to direct, manage and control any risk-related issues that may arise in the processes and that may influence the achievement of goals.

The display of this process can be summarised in 4 points: Setting the context, risk assessment, risk treatment and monitoring and review.

Setting the context

This is the area in which organisations seek to achieve their objectives by analysing the internal and external environment. In the external environment, it is necessary to validate the labour, economic, political, regulatory, etc. environment, and for corporations this validation must be done at national and international level. Likewise, any factor that may have an impact on the company's goals.

In relation to the internal environment, it is made up of everything that, at the heart of the company, can influence the way in which risk is managed. This is why this management must be in line with key organisational aspects: culture, structures, policies and processes. The definition of risk management policies, risk assessment methods and the definition of responsible parties is very important.

Risk treatment

Identifies how objectives may be affected, analyses risks in terms of their potential consequences before deciding whether they require further treatment. It provides institutional staff with a better understanding of the risks that may affect organisational goals.

These risk measurement methods can vary from very simple to very complex, but the bottom line must prevail, i.e. that they are reasonable with the criteria set out in the context.

Follow-up and Review

At the end of the risk assessment, an understanding must be reached of the options or alternatives available to implement a change in the possible occurrence of incidents, as well as their possible conclusions. The necessary measures are then implemented and the risk reassessment phase is reached in order to identify the risk tolerance.

Risk Estimation

Last but not least, a continuous review or monitoring should be carried out to validate that the established criteria are still valid, as long as the proposed goals are being achieved, as well as to confirm that the strategies and treatments have been effective.

← Machine Learning

All for the Experience →

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

About us

Fraud prevention

AML compliance

ABOUT US

COMMUNITY

SUPPORT

FRAUD PREVENTION

AML

RESOURCES

About us

Fraud prevention

AML compliance

COMMUNITY

SUPPORT

Test

Testing no more

We respect your privacy.