3 Different risk identification approaches

the purpose of risk identification is to find, recognise and describe risks that might help or prevent an organisation achieving its objectives. Relevant appropriate and up-to-date information is important in identifying risks.

The organisation can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

• tangible and intangible sources of risk;
• causes and events;
• threats and opportunities;
• vulnerabilities and capabilities;
• changes in the external and internal context;
• indicators of emerging risks;
• the nature and value of assets and resources;
• consequences and their impact on objectives;
• limitations of knowledge and reliability of information;
• time-related factors;
• biases, assumptions and beliefs of those involved.

The organisation should identify risks whether or not the root causes are under their control. Consideration should be given that there may be more than one type of outcome which may result in a variety of tangible or intangible consequences.