1. Establish risk context

1. Review your organisation’s processes, procedures and requirements for managing risk according to current risk management standards
2. Determine the scope for risk management
3. Identify internal and external stakeholders and their issues
4. Review the political, economic, social, legal, technological and policy context
5. Review strengths and weaknesses of existing arrangements
6. Document critical success factors, goals or objectives for area included in scope
7. Gain support for risk management
8. Communicate with relevant parties about the risk management and invite them to participate

 

2. Identify risks

1. Invite relevant parties to help identify risks
2. Research risks that might apply to scope
3. Use tools and techniques to generate a list of risks that apply to the scope, in consultation with relevant parties

 

3. Analyse risks

1. Assess the likelihood of risks occurring
2. Assess the impacts or consequences if risks occur
3. Evaluate and prioritise risks for treatment

 

4. Select and implement treatments

1. Determine and select most appropriate options for treating risks
2. Develop a plan for treating risks
3. Communicate risk management to relevant parties
4. Ensure all documentation is in order and appropriately stored
5. Implement and monitor action plan
6. Evaluate the risk management process

 

---