RISK IDENTIFICATION

Risks are events that could cause losses. After establishing the objectives of risk management and
defining the risk management policies, the next step in the process of managing risks, is to identify
risks. It becomes necessary to dig into the operations of the company and discover the risks to
which it is exposed.

Risk identification requires a thorough knowledge of the organization and its operations. The risk
manager needs a general knowledge of the goals, policies and functions of the organization. What it
does and where it does it. This knowledge can be gained through inspections, interviews with
appropriate persons within and without the organization, and by examination of internal records and
documents.

If potentially dangerous gaps in one’s knowledge are to be avoided, the first part of the risk
identification process must aim to discover every possible risk factor that may be associated with:

(a) The organizations own activities, including:

(i) The nature of the activities. That is what sort of business it is in. These activities may themselves
be risky or relatively safe. They may be the source of the risk.
(ii) The manner in which the organization undertakes its activities such as, the production methods
it employs, whether any work is subcontracted, who its suppliers and customers are, and so forth.
Sometimes the activity is itself relatively safe but the way it is being carried out could be very risky.
A loss can occur because of the way a relatively safe activity is carried out.
(iii) Where it carries out its activities, for example, servicing work done at customer’s premises, and
the final destination of its products. The location in which the activity is being carried out can itself
be a source of risk. Risk can emanate from the physical characteristics of the place in which the
activity is being carried out.

(b) The physical, legal, and political environment in which it operates.

Here one is for example, concerned with legal provisions relating to responsibilities for injuries
arising from defective products, the speed of the judicial processes, exposure to political risks,
natural catastrophes, and so forth.

It is not possible to generalize about the risks that a given organization will face. This is due to:-
(l) The differences in the kind operations in which the different organizations engage.
(ii) The different conditions and circumstances in which the organizations operate that give rise to
different risks.

The task of risk identification breaks down into two sub parts, namely:
(a) The perception of risk. That is the ability to perceive that there is an exposure.
(b) The identification of the operative cause or perils, coupled to the likely result. Before
considering the various techniques that may be employed in this risk identification process, three
points must be made.
(i) No single method is likely to reveal all the risks to which an organization is exposed, so that
several techniques must be employed.
(ii) Because of budget constraints and the fact that increasing effort is likely to yield diminishing
returns, a risk manager must select those methods which in his situation promise the best results.
(iii) Risk identification must be an on going process: organizations are dynamic not static beings,
and even the most stable and conservative organizations exist in a changing world.
The task of identifying risks can either start with the source of losses, or with the problems that can
cause losses.
APPROACHES IN RISK IDENTIFICATION
The following approaches can be used in risk identification.
(a) Source analysis. Risk sources may be internal or external to the system that is the target of risk
management. Examples of risk sources are: stakeholders of a project, employees of a company.
(b) Problem analysis. Risks are related to threats. For example: the threat of losing money. The
threats may exist with various entities, most important with shareholders, customers and legislative
bodies such as the government.
(c) Reports. A scan of various reports such as auditor’s reports, safety audit reports, loss assessor’s
reports at the time of claims for insurance, etc. will reveal the potential areas of events that can
result in financial loss to the business.
(d) Inspections. A physical inspection by risk inspectors can also reveal potential losses and the
risks associated with them.
(e) Financial statements. A careful study of the various items in the financial statements can reveal
potential risks. The main financial statements are the balance sheet and the income statement. All
the critical items in the financial statements are assessed for risks.

Techniques and Tools for Risk Identification

1. Physical inspection
2. Checklists
3. Information-gathering techniques;
a) Brainstorming
b) Delphi technique
c) Interviewing
d) Strengths, weaknesses, opportunities and threats (SWOT) analysis
4. Hazard and Operability Study
5. Diagramming techniques;
a) System or process flow charts
b) Influence Diagrams
6. Documentation reviews
7. Combination Approach

Physical Inspection
This involves the physical examination (concerning things that can be experienced through the five
senses) to detect risks facing the organization Forms of inspection An inspection program should be
flexible. There are no hard and fast rules about it. It should be a combination of routine and non-
routine inspection and includes:
a) routine inspection of all risks
b) routine inspection of a particular area of risk
c) specific inspections resulting from recommendations, complaints, reports or advice from staff,
users, stakeholders and others -This includes investigations and/or inspections recommended by the
risk management or health and safety committee inspections as a result of incidents or accidents.

Checklists
Organizations may develop checklists of risks based on information collected from past activities.
The checklist is a quick way to identify risks. A checklist should not be considered as complete and
the possibility of other risks should be addressed. Though checklists are largely industry specific.

Information-Gathering Techniques
Several methods of information gathering can be used in risk identification. These may include the
list below.
a) Brainstorming
Probably the most frequently used risk identification technique. The goal is to compile a
comprehensive list of risks that can be addressed later in the risk analysis processes.
How Brainstorming Works?
A meeting is organized with a multidisciplinary set of experts. Under the leadership of a facilitator,
these people generate ideas about enterprise risks. The brainstorming meeting proceeds without
interruption, without expressing judgment or criticism of others’ ideas and without regard to
individuals’ status in the organization.

b) The Delphi technique

The Delphi technique is a method by which a consensus of experts can be reached on a subject such
as project risk. Project risk experts are identified but participate anonymously. The Delphi
technique helps reduce bias and minimizes the influence of any one person on the outcome.
How the Delphi Technique Works?
A facilitator uses a questionnaire to solicit ideas about the important project risks. The responses are
submitted and put into risk categories by the facilitator. These risks are then circulated to the
experts for further comment. Consensus on the main project risks may be reached after a few
rounds of this process.

c) Interviewing
Risks can be identified by interviews with experienced project managers or with experts in the
field. The appropriate individuals are selected and briefed on the project. The interviewees identify
risks on the project based on their experience, the project information, and any other sources that
they find useful.

d) Strengths, weaknesses, opportunities and threats (SWOT) analysis

Ensures examination of the organization from each of the SWOT perspectives to increase the
breadth of the risks considered.

Hazard and Operability (HAZOP) Study

A HAZOP study identifies hazards and operability problems. The concept involves investigating
how the plant might deviate from the design intent. If, in the process of identifying problems during
a HAZOP study, a solution becomes apparent, it is recorded as part of the HAZOP result; however,
care must be taken to avoid trying to find solutions which are not so apparent, because the prime
objective for the HAZOP is problem identification. HAZOP is based on the principle that several
experts with different backgrounds can interact and identify more problems when working together
than when working separately and combining their results.

Diagramming techniques
• Cause-and-effect diagrams: - useful for identifying causes of risks
• System or process flowcharts: - show how various elements of a system interrelate and the
mechanism of causation
• Influence diagrams: - a graphical representation of a problem showing causal influences,
time ordering of events and other relationships among variables and outcomes

Documentation Reviews/Document Analysis

Document can aid in the process of risk identification. The assets listing on the balance sheet may
alert the risk manger of assets that might otherwise be overlooked. The income/expenses
classification in the income statement may likewise indicate areas of operation of which risk
manager was unaware.
Combination Approach
This is a preferred approach to risk identification. This is where all the tools listed above are used in
risk identification. Each of these tools can provide a part of the puzzle and together can be of
considerable assistance to the risk manager.