4/15/2025

HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY

SCHOOL OF ECONOMICS AND MANAGEMENT

CHAPTER 2
RISK IDENTIFICATION

Risk Identification: A Step-by-Step

 Step 1: Define the Scope of Risk Identification
 Understand the organization’s context and define what risks need to be
identified.
 Step 2: Use Risk Identification Techniques
 Apply different methods to uncover potential risks.
 Step 3: Categorize Risks
 Organize identified risks into meaningful categories
 Step 4: Document Risks in a Risk Register
 Create a Risk Register to track all identified risks.
 Step 5: Review & Update Risks Regularly
 Ensure risk identification remains an ongoing process.

RISK MANAGEMENT 2

1
 4/15/2025

Step 1: Define the Scope of Risk Identification

Determine the scope of risk identification:
 Enterprise-wide risks?
 Project-specific risks?
 Operational risks?
Define the risk environment:
 External Risks (economic, regulatory, competition).
 Internal Risks (process failures, financial mismanagement).
Identify key stakeholders (risk owners, senior management, auditors).

RISK MANAGEMENT 3

PORTER’S VALUE CHAIN

RISK MANAGEMENT 4

2
 4/15/2025

Step 2: Use Risk Identification Techniques

 1. Brainstorming (relevant partners- direct and indirect stakeholders)
 2. Stakeholder interviews (difficult in defining impacts of risk)
 3. Nominal group technique (NGT: relevant partners – academic – consultants: new
issue, no experience)
 4. Affinity diagram
 5. Requirements review
 6. Project plans
 7. Root cause analysis
 8. SWOT analysis (for strategic
risk)

RISK MANAGEMENT 5

Risk identification questionaire

1. What are we trying to achieve?: OBJECTIVE
2. What might affect us achieving this?: RISK occurement
3. Which of those things are most important? RISK Priority
4. What shall we do about them?
5. Have we taken action?
6. Who needs to know?
7. Having taken action, what has changed?
8. What did we learn?

RISK MANAGEMENT 6

3
 4/15/2025

What the risk manager asks when assessing risk?

Exposure • Maximum amount of damage

Volatility • How certain in the future

Probability • How likely risk occurs?

• Amount of damage is actually likely to be

Severity
suffered
Time horizon • How long risk is exposure

Correlation • How are risks related to each others

Capital • How much to cover unexpected loss

RISK MANAGEMENT 7

1. Brainstorming
 Brainstorming is the act of
gathering team members to
think about and discuss a
subject and to form solutions
to any identified problems
 to identify, analyze and
address potential risks by
hearing from people who work
at the front end of the business.

RISK MANAGEMENT 8

4
 4/15/2025

RISK MANAGEMENT

2. Stakeholder interviews
 Stakeholders are the people who have an interest in your project or business, and
interviewing them may help you better understand what they believe are the biggest
risks.

RISK MANAGEMENT 10

10

5
 4/15/2025

3. Nominal group technique

 more in-depth approach to the
subject
 Participants write their own
ideas
 A senior member of the team
asks each participant for their
thoughts
 Group discusses each item to
ensure everyone understands
them,
 Group prioritizes each one.

RISK MANAGEMENT 11

11

4. Affinity diagram
 organizes data into categories based
on their similarities
 each team member to write what they
believe are potential project or
company risks and file each response
under a few categories
 the team can prioritize each risk and
address it.

RISK MANAGEMENT 12

12

6
 4/15/2025

5. Requirements review
 review of a project's labor, material or financial requirements, and allows the team to
analyze requirements often and identify potential risks quickly
 team can complete a requirements review throughout the project timeline to
understand risks and requirements at each stage of production

RISK MANAGEMENT 13

13

6. Project plans
 A project plan is a
basic outline of the
project and its
needs. This
includes things like
material and labor
needs, the timeline
for the project and
any risks that
come with it

RISK MANAGEMENT 14

14

7
 4/15/2025

7. Root cause analysis

 A root cause
analysis is an
investigation of
previous project
risks and how
they relate to
one another and
the current
project.

RISK MANAGEMENT 15

15

8. SWOT analysis
 Strengths: Areas where the team
excels and how they relate to
projects.
 Weaknesses: Areas where the team
can improve to increase productivity
and efficiency.
 Opportunities: Areas where the team
or business can improve or expand.
 Threats: Areas of risk for the project
or business and how the team can
minimize those risks.

to understand a project's or business's

risks alongside other important factors

RISK MANAGEMENT 16

16

8
 4/15/2025

Risk analysis from an event

RISK MANAGEMENT 17

17

Step 3: Categorize Risks

Category Description Examples
General Data Protection Regulation
Failure to adhere to laws,
Compliance Risks non-compliance, fraud, tax
regulations, or contracts.
penalties.
Physical threats that cause harm or Fire, flood, theft, workplace
Hazard Risks
operational failure. accidents.
Uncertainty due to system failures IT security breaches, supply chain
Control Risks
or lack of processes. disruptions.
Risks taken to achieve business Expansion into a new market,
Opportunity Risks
growth or innovation. launching a new product.

RISK MANAGEMENT 18

18

9
 4/15/2025

Step 4: Document Risks in a Risk Register

Risk Description – Clear explanation of the risk.

Risk Category – Compliance, Hazard, Control, Opportunity.

Risk Owner – Who is responsible for managing the risk?

Likelihood & Impact Rating – Use a Risk Matrix to quantify risk.

Potential Consequences – Financial loss? Operational failure? Reputational

damage?

RISK MANAGEMENT 19

19

AC2. RISK IDENTIFICATION

You are a risk manager for a large e-commerce company. Recently, the company
has experienced several operational disruptions, including:
 A cybersecurity breach exposing customer data.
 Supply chain delays due to global transportation issues.
 Regulatory changes in consumer data protection laws (GDPR).
 Increased competition from new online retailers.
Tasks:
1. Identify the potential risks in this scenario.
2. Categorize them (Compliance, Hazard, Control, Opportunity).
3. Describe their potential impact on the business.
4. List actions to mitigate or manage these risks.

RISK MANAGEMENT 20

20

10
 4/15/2025

AC2 Hint.

Potential
Risk ID Risk Description Risk Category Likelihood Impact Suggested Mitigation
Consequences
Cybersecurity Implement multi-factor
Loss of customer trust,
R1 breach exposing Control Risk High Severe authentication, regular
legal fines, data leaks
customer data security audits
Supply chain Delayed shipments, Diversify suppliers,
R2 delays affecting Hazard Risk Medium High customer complaints, invest in warehouse
product delivery revenue loss stock
Non-compliance Legal penalties, Conduct GDPR audit,
R3 with new GDPR Compliance Risk High Severe lawsuits, reputational update privacy policies,
regulations damage train employees
Increased Enhance marketing,
Market share loss,
R4 competition from Opportunity Risk Medium Medium invest in customer
revenue decline
online retailers experience

RISK MANAGEMENT 21

21

11