What is a risk assessment?
- A risk assessment is not an audit.
- A risk assessment is a method used to identify vulnerabilities which might prevent a department from achieving its goals and objectives.
- Part of the process is a review of mission and goals: Are your unit’s mission and goals in sync with the University’s mission and goals?
- Part of the process is to identify the activities of the department and determine what could prevent the area from achieving its goals or mission
- A risk assessment can be a formal process that assigns a score to risk based on impact and probability. Not all risks are equal. Some are more likely than others to occur, and some will have a greater impact than others if they occur. So, once risks are identified, their probability and significance must be assessed, or the likelihood of occurrence and impact on objectives
Why assess risk?
- To identify vulnerable areas within a department.
- To direct resources effectively. Too many people or too much time may be spent on processes that do not need that much attention while riskier processes are lacking in attention.
- To communicate risks. An end product that will visually show you and senior management where the problems are.
- Having assessed risk, management must decide how to deal with it. In some cases, the decision may be to control it; in others, it may be to accept it.