December 4, 2019 par

Risk mapping: from identification to management, what are the challenges?

In the context of an economic activity, organizations expose themselves to a number of risks that must be able to be identified, listed, assessed in their criticality in order to apprehend them to avoid or limit any possible damage.

What is a risk?

It is a hazard, a combination of probable, random events that can harm property, people or both. This is why it is necessary to quickly realize that a company, whatever its size, will be confronted with a number of situations potentially damaging to its activity, to employees or both, throughout its journey.

Risk can also be considered an opportunity because it can have unexpected positive consequences. According to Gilbert de Mareschal, risk “is a mixture of three concepts: hazards, damage and opportunity (source:” Risk mapping. “Gilbert de Mareschal, 2003 editions in French).

What is the difference between a risk and a danger?

Although its consequences can be more or less serious, a risk is not a danger. The danger is imminent, and is related to the property or intrinsic characteristics of an object, a product, a person, a process. A risk remains the probability of an event and consequences.

What are the different types of risks?

Companies are subject to many risks, more or less important. To name just the main ones, there are the events:

  • strategic: linked to competition and markets
  • related to compliance: appearance or modification of regulations, standards.
  • financial: such as events related to the company’s liquidity
  • related to information security: one of the hottest topics of our time
  • operational: everything related to people, human resources

What is the criticality of a risk?

It is above all the determination of the importance of the occurrence of a risk, or even of its consequences. When assessing the criticality of a risk, we take into account various parameters such as its level of severity, its frequency and its probability of occurrence. Finally, they should be added to a matrix to more easily visualize their importance and facilitate processing.

(source : risks criticality matrix by smartcockpit)

Why should we map the risks?

Business risk mapping is vital! It allows both their identification and their processing. The purpose of this process is to understand all the events and factors that can affect an activity.

This is important since this information will be shared with all the departments of your organization, with all your collaborators. In addition, this document will allow us to see the points for improvement but also the opportunities and the sensitivity of each subject.

It is therefore a strategic issue for the company because it will allow it to be more efficient and more resilient in the event of one of the phenomena.

How to properly map the risks?

Several steps are necessary to produce this document. First, you need to gather a certain amount of information that will help identify threats and create a risk criticality matrix:

  1. Identify risks according to objectives and / or activities
  2. Assess their potential consequences
  3. Define their frequency of occurrence
  4. Treat the risks to eliminate or control them
  5. Establish monitoring and control processes

The purpose of this risk information is to be analyzed using a matrix and to be assessed in the context of the organization’s activities. Thus, and only then, it will be possible to decide which actions to carry out knowingly. This is what we call ” risk aware decision making “.

Tools to help you

To help you in this process of mapping the risks linked to your organization, you can refer to numerous books which will provide you with precise information such as:

To complete, smartcockpit has developped a risk management solution which contains several modules in the form of cockpits dedicated to specific risks. For more information, do not hesitate to contact us.