Enterprise Risk Management
The purpose of the risk identification step is to “generate a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate, or delay the achievement of objectives” (ISO 31000, 2009). The risk identification process focuses on “enterprise-level” risks and opportunities that have the potential to impact the strategic objectives of either the institution or one of its major units (Colleges, Schools, or Divisions), or represent a systemic risk throughout the institution. The risk identification process should yield both potential negative events that could impede the attainment of strategic goals as well as positive opportunities that could advance the institution’s progress toward its vision and goals.
Last modified June 20 2012 12:42 PM