Frequently Asked Questions

Thibaut de Roux has more than 30 years of experience working in risk management; what does risk management involve?

Risk management creates a structure that businesses can work within that aims to mitigate risk. Risk management involves applying management procedures and practices to business analysis, assessment, monitoring and communications, and it is an essential practice for all businesses.

The process of risk management involves the identification, evaluation and prioritisation of risk, to minimise, monitor and control its impact or likelihood. Risk management aims to put in place the necessary precautions to protect a business against risk, and it is often performed when a business makes an important financial investment.

What are the four types of risk?

 Risk can be categorised into four different types: legal, financial, physical and ethical. A legal risk would be anything that constitutes a liability to a business’s stakeholders, such as the shareholders, suppliers, staff, clients, or any other related party. Financial risks include loans, attendances, fees receivable, insurance costs, lease payments, penalties and fines, damage claims, or any other types of fee. Physical risks include injuries and risks involving real estate, vehicles and machinery, inventory and stock, or land. Finally, ethical risks include the possibility of damage being done to the reputation of a company.

 What are the five steps of risk management?

 The five steps of risk management are as follows:

1. Identify the circumstances where risk might occur. It is important to recognise areas of risk before an issue arises, so the situation can be planned for and hopefully mitigated entirely.
2. Step two is risk identification and categorisation. Relevant and probable risks can be categorised into four areas: physical, legal, financial and ethical.
3. Assessing and evaluating the risks that have been identified is a very important step. The assessment must explore both how likely each risk is, and how dangerous or damaging the effects of the risk would be. Each risk will be given a rating depending on how severe and how likely it is, moving from critical to moderate to low.
4. Risk control is the process of acting to avoid and mitigate as many of the risks as possible.
5. Finally, monitoring and reviewing the risk management process is the crucial last step.