Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Risk management

2 What should a ‘well written’ risk statement contain?

A risk must also have certain key elements, which generally are, as a minimum, root cause(s), an event and consequences. Recognising and identifying these elements is what constitutes a risk statement.

  • A root cause – This is the origin of the risk, the reason(s) the risk exists. As an example, consider the root cause(s) of a fire – a supply of oxygen, a source of heat and a source of ignition. One interesting method of drilling down to the root cause of a risk is to keep asking ‘why’ in response to the feedback on a question. This interrogative technique is called the ‘Five Whys’ technique and is attributed to Sakichi Toyoda, the founder of Toyota Industries.
  • An event – This is the risk itself, and normally the point where ‘control’ has been lost but the consequences have yet to occur. For example, the event for a fire is the fire breaking out, but no property being damaged or people harmed. In the business example the event will be a failure in awareness of contract liabilities.
  • A consequence – This is often described as the ‘so what?’ of risk management. These are the ‘events’ that occur as a result of the risk. Consequences should be measurable against the organisation’s objectives. The consequences for a fire may be damage to property, injury or loss of life, financial losses to repair and financial losses due to not being able to operate. It is important to note that a risk may have more than one root cause and more than one consequence. You need to capture all root causes and all consequences when identifying a risk and also recognise that the same root cause may drive more than one event and that the same consequences may arise from more than one event.

It is also important to identify risk ownership. In most cases the owner of the risk is the person who feels the impact of the consequences. However, this doesn’t mean that the risk owner has to personally complete all of the activities to treat the risks, which will be discussed in Session 5. There are often a number of other parties who support the risk owner to manage the risk.

Activity 3 Risk statements

Timing: Allow approximately 10 minutes

Put the following elements of some risk statements into the correct categories.

Click on the interactive to start selecting your answers from the drop-down options.

Interactive feature not available in single page view (see it in standard view).

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371