4.4 Categorising different types of risk
Many organisations find it helpful to put their risks into categories – for example, whether the risk event is internal or external to the organisation. It is also common to categorise by the type of risk (e.g. financial, operational, compliance, etc.). The reasons for doing this can generally be described as follows:
- To allow the organisation to understand the types of risks it has at a macro level.
- To consider priorities, if, for example, a particular categorisation appears with greater significance and frequency than others.
- To consider combining efforts in particular areas (e.g. if common risk types emerge, can common treatments be defined?). This is covered in more detail in Session 5.
- To engage company specialists on the particular risk types.
Many organisations find it helpful to create other categories based on root cause or other business themes, and will often have their own strategic objectives, principal risks or priorities to align with.