Risk identification and analysis
Languages
Service navigation
Main Navigation
- New
- Practical knowledgecurrent page
- Trends
- SME policy
- About
Breadcrumb
- SME portal of SECO
- Practical knowledge
- Finances
- Risk management
- Risk planning
- Risk identification and analysis
Unternavigation
Context sidebar
During the risk identification phase, all possible risks are listed as scenarios. Risks are identified, analyzed and then categorized according to priority.
During this stage, the focus is on the main risks to the company. The checklist is often called the danger list. Most of the time, risks linked to individuals are limited. It is therefore important to concentrate on major risks to eliminate them as much as possible.
Internal and external risks
![Risk identification and analysis (3) Risk identification and analysis (3)](https://i0.wp.com/www.kmu.admin.ch/kmu/en/home/concrete-know-how/finances/risk-management/risk-planning/risk-identification/_jcr_content/par/image/image.imagespooler.png/1573687400442/riskio.png)
In principle, identifying risk begins with an analysis of strengths and weaknesses, i.e. a SWOT analysis (Strengths, Weaknesses, Opportunities, Threats). This can be carried out as part of a meeting with interviews with the company’s key managers. The SWOT analysis is a simple tool that helps give an understanding of risk management within a company and shows existing links between major problems and the company’s objectives. Moreover, the objective of a SWOT analysis is to identify main internal and external factors that influence the company’s development and values.
The results of the meeting, interviews, benchmark analyses and information from other internal and external sources are used to create a database that includes all major information regarding risk. Risks are categorized by type and are attributed to the correct category in the risk model (see illustration below).
Opportunity and threat profile
Level | Threat | Opportunity |
---|---|---|
insignificant | to be ignored given the size of the organization; the budget is barely reduced | to be ignored given the size of the organization; the budget is hardly any different |
limited | the consequences are minimal and can be financed by the cash flow; the budget is slightly reduced | the budget is slightly higher than forecast for certain aspects |
perceptible | the annual accounts are down; the EBIT is less than expected | the annual accounts and EBIT are better than expected |
critical/optimistic | the annual accounts are worse and worse; the EBIT is in danger (risk) | the annual accounts and EBIT are markedly higher than expected |
catastrophic/ | the company’s existence is under threat; equity is almost or entirely gone | the annual accounts and EBIT are extraordinarily positive and considerably higher than expected |
Source: Dr. Bruno Brühwiler, Management und Qualität, 5/2009
Once the risk catalog is defined, a general analysis should be performed for all identified risks. The risk analysis determines when a risk is manageable and therefore acceptable.
A risk tolerance threshold is often indicated in the risk environment. Risks above this threshold should not be tolerated, and risks below the threshold are acceptable.
A risk analysis is performed, generally, using two aspects:
- Probability describes the likelihood of an event occurring. In principle, probability is calculated for a three-year period. This period is used as a basis when the company has a strategic planning cycle;
- The consequences describe the concrete effect that this event would have. The analysis normally requires a financial value. As not all risks can be analyzed from a financial point of view, it is also possible to analyze them vis-à-vis their quality. To do so, you will need to use reputation, compliance, health and safety risks, as well as the expenses incurred by management to bring the situation under control, should the event occur.
The result of the risk analysis is represented graphically in the form of a risk map.
Risk map for fiduciary company xy
The example below highlights the main risks for a fiduciary company. The analysis is performed using two aspects: probability and consequences. Experience shows that companies often focus on approximately 10 main risks.
![Risk identification and analysis (4) Risk identification and analysis (4)](https://i0.wp.com/www.kmu.admin.ch/kmu/en/home/concrete-know-how/finances/risk-management/risk-planning/risk-identification/_jcr_content/par/image_0/image.imagespooler.png/1573687400736/RisikoanalyseFranz.png)
Sample danger list for a fiduciary company
No. | Danger zone0 Danger sector | Description of risk | Probability1 | Potential damage2 | Manager | Measures | Timeframe |
---|---|---|---|---|---|---|---|
1 | Strategic threat Current commercial activity | Depends on a few clients; losing a client would lead to dismissals | Possible | Threatens the company’s existence | XY | Diversification of customer base by focusing on another sector; drawing up a marketing plan | December 20xx |
4 | Management and employees Employees Behavior | Embezzlement by an employee/Company reputation affected | Extremely rare | Threatens the company’s existence | ZY | Verification of signatory powers. Verification of the authorization process. Verification of the monitoring process. | June 20xx |
6 | Management and employees Unfair trade practices | Imprecise (lax, superficial, unprofessional) application of business standards | Unlikely | Threatens the company’s existence | ZY | Operational audits by superiors, survey of customers, training and professional development | Twice per year Until June 20xx Every two months |
10 | Operational threat Dangers to production plants | Flooding of premises | Extremely rare | Threatens the company’s existence | XX | New IT rooms on the 2nd floor of the building, ensure that the site transfer goes well | July 20xx January 20xx |
16 | Financial threat Liquidity and non-payments | Credit limit exceeded - higher bank interest | Frequent | Sensitive | ZZ | Improve processes for reminders and liquidity planning | October 20xx |
0. Danger zones: strategic threat; operational threat; financial threat; management and employees
1. Frequent: weekly; possible = monthly, rare = annually; extremely rare = every five years; unlikely ≤ 5 years
2. Insignificant ≤ CHF5,000; minimal ≤ CHF10,000; sensitive ≤ CHF50,000; critical ≤ CHF100,000; threatens existence ≥ CHF100,000
Different methods for analyzing risk
A company can choose between various methods for analyzing risk. These are categorized into five different groups.
There are numerous methods for evaluating risks, which are categorized into five groups:
- Techniques for creativity: brainstorming, Delphi method, morphological matrix
- Analyzing scenarios: root cause analysis, failure and mistake analysis, worst-case scenario analysis
- Indicator analysis: Critical Incident Reporting Systems, Change-Based Risk Management
- Hazard analysis: FMEA, hazard analysis, HAZOP, HACCP
- Statistical analysis: standard deviation, confidence interval, Monte Carlo simulation
Source: Risikomanagement, Schweiz. Vereinigung für Qualitäts- und Management-Systeme (SQS), Zollikofen; 2008
Sign up to our SME newsletter to stay informed.
Last modification07.05.2021
Top of page
https://www.kmu.admin.ch/content/kmu/en/home/concrete-know-how/finances/risk-management/risk-planning/risk-identification.html