4.2 Standardised risk approach
An organisation may choose to define some risks that are present in large parts of (or the entirety of) the organisation in a standardised way that can be applied consistently across the organisation. The benefits of doing this are:
- Creation of a consistent view of the root causes and consequences.
- Greater awareness of the presence of the risk in the organisation.
- Opportunities to reduce silos and seek best practice across the organisation.
- Reduced waste in documenting risks.
- It ensures risks are owned in the right place.
- Greater potential for common treatment and sharing of best practice.
There are, however, some potential pitfalls to be aware of:
- Business areas may adopt the risk without considering if there are any different circumstances.
- If the completeness of the risk isn’t identified then the weakness persists across the organisation.
- Reduced ownership and accountability can occur.
- Users can become ‘blinkered’ to only the outlined set of risks and may fail to identify other risks.