1. Risk Identification: What can inhibit the ability to meet the objectives? For example, the loss of key members of a team. For a long time, network outages IT. Late submission of important information by business unit post / individual. Failure to seize the business opportunity, too etc.Consider things that can improve the ability to meet the objectives of a business opportunity to raise funds.
2. Identify reasons: What are the causes of these things happen, for example, you may be disappointed by the main group, with its position, may be responsible for go elsewhere bait. When the person who depends on the information that may be too busy, go on vacation or slow-known in providing such data; Supervisor required for approval of the company's business may be to avoid risks and needs additional convincing before taking risks, etc.
3. Identify the controls: identify all things (controls) has in place, which aims to reduce the likelihood of the risk occurring in the first place, and if not, what you have in place to minimize the impact ( consequence). Examples include: providing a pleasant working environment for your computer. Versatility, through a team to reduce dependence on one person. Emphasizing the need to obtain the required information must be presented at the appropriate time, send reminders before deadline; and provide additional information to the supervisor before he / she so requests, etc.
4. Create your own probability and consequence of descriptors: descriptor possibility is quite general, but to describe it may depend on the context of the analysis. No. If the terms of its analysis to the unity of his work, a loss or a loss of some key staff members (for example) would have a greater impact on the business unit that will be in college as a whole, even the descriptors used for whole- University of context (strategic) generally will not be appropriate for college, and another work unit or individual. The idea is similar to the way that the loss of $ 300.000 will have less impact on the University of unit.You will have to work individually to create these standards in consultation with the head of the business unit.
5. Create your own descriptors risk classification: what is meant by low, medium, high or extreme risk needs a decision from the beginning.
6. In addition Cther elements: In general, any high risk category or end must be additional controls that are applied to reduce the rating to an acceptable level. What additional controls may be, if it is accessible to everyone, priority has been placed on it and it is something for the team to determine, in consultation with the head of the business unit.
7. Making the decision: once in the above process is complete, if there are still some risks that are classified as secondary or extremist, a decision should be whether the activity will continue. In some cases preferred greater than the risk, but there may be something more that can be done to mitigate the risk of any control over it and the work unit, but we still have to carry out the activity. In such cases, monitoring and periodic review is necessary.
8. Monitoring and review: control all the risks and dangers of the periodic review is an essential part of effective risk management.