Risk assessment definition
/What is a Risk Assessment?
A risk assessment is the practice of reviewing an organization's activities and investments to determine the likelihood of loss. This information is then used to make various operational adjustments in order to reduce those risks that are considered to be excessive.
When to Conduct a Risk Assessment
Risk assessments must be completed at regular intervals, so that changes in the financial and operating environment can be used to adjust the assessment. These adjustments may be triggered by changes in economic conditions, the political situation, the environment, and so forth. For example, a decline in general economic conditions could increase the expected rate of default on mortgages issued by a bank. Or, changes in weather conditions could alter the expected quantities of grain that will be shipped by a freight transfer company, which alters its cash flows. As another example, a company has just acquired another business, and conducts a risk assessment related to all aspects of the acquiree, such as the likelihood of customer turnover, employee theft, and product recalls. Or, a risk assessment of a company's computer systems could result in the identification of several security holes that a hacker could exploit.
Related AccountingTools Courses
Business Insurance Fundamentals
Advantages of a Risk Assessment
A business gains the following advantages from the risk assessment process:
It can decide whether to make a new investment or sell off an existing investment.
It can determine which actions to take in order to mitigate certain risks.
It can decide whether there are significant upsides related to certain risks that make it worthwhile to retain those risks.
Risk Mitigation Techniques
There are a number of risk mitigation techniques that may be pursued. For example, procedures can be altered to eliminate risky practices. Or, risk can be handed off to a third party, perhaps by outsourcing activities or buying insurance. In some cases, management may deliberately choose to retain risk, especially when the business has a deep knowledge of the risk area and believes that it can effectively manage the risk.
Who Conducts a Risk Assessment?
Risk assessments are conducted by the chief risk officer (CRO). If there is no CRO (as may be the case in a smaller organization), then the task is usually taken over by the chief financial officer.