Conducting a comprehensive risk management needs assessment is an important activity for any organization. Besides the typical reasons, a comprehensive risk management assessment is a useful tool to uncover and identify lapses in insurable risks, unique unknown exposures, limited supply and distribution channels, to name only a few. Unfortunately, the variety of issues needed to be assessed are typically handled by various departments and personnel and often there is no one person with the knowledge, skill set, or authority to handle the entire subject properly.
When you conduct a risk management needs assessment, you must start with identifying a number of goals for the organization, and more importantly yourself, which can include:
Expand your thoughts to areas of the organization where you have not previously been involved.
Do not attempt to do the assessment by yourself.
Be a champion for effective communication throughout the organization.
Be prepared to market your function.
Be diligent in monitoring current programs and procedures.
Be open to new and developing exposures/issues, and designing, implementing, and following up on corrective action plans as needed.
Be prepared to fully explain the function and goal of the assessment to open previously closed doors.
The cost of risk can be defined in a number of ways. You must define what you will be dealing with in the scope of your assessment. If this is not well defined, your efforts could be seen as incomplete or you could end up giving management a false sense of security that their risk issues have been identified, when you did not include them in your scope.
Risk can involve various aspects of the company's overall operations and can be identified into four main quadrants of risk to include: Hazard, Operational, Financial, and Strategic. Each area stands alone, but they are interdependent, and each aspect should be considered to effectively evaluate the total cost of risk.
Hazard risk - Hazard risk comprises, primarily, the traditionally insurable risks. These include fire, products liability, and a wide range of other sources of loss.
Operational risk - Operational risk arise out of daily operations (supply chain, quality control, cost overruns, faulty workmanship, product tampering and product recall, compliance with various regulatory agencies, etc.).
Financial risk - Financial risk concerns money. Included in this category are credit risk, cashflow management, the cost/benefit ratio of research and development, economic instability, the cost of commodities or raw materials, and tax minimization.
Strategic risk - Strategic risk concerns business decisions. This includes anything that impacts your clients and/or customers' loyalty, patent infringement, the viability of partners with which your form joint ventures, the professional development of your organization's staff, the success or failure of any mergers and acquisitions, and risk management itself. (Marsh 2-4)