The Risk Management Software market continues to move toward forward looking risk assessments that aim to resolve the uncertainties inherent in all business activities. To ensure that uncertainties are understood and managed effectively, our customers seek to define risk criteria that reflect a range of possible scenarios. Multiple risk assessment criteria, and the ability to define scenarios, are common customer case studies. We see customers more frequently requiring the ability to define iterative risk assessment processes where risk managers consider risk criteria whenever circumstances change, and use the risk information for capital allocation decisions.
We see a trend in our customr risk assessment processes to include multiple consequence dimensions, quantitative and qualitative calculations, scenario analysis and risk treatment efficiency calculations.
We empower our users with the tools to quantify potential future outcomes for what-if analysis of treatment options, and use these outcomes in their business cases for budgeting purposes.
Customer Risk Criteria
- Financial 100%
- Operational 90%
- Health and Safety 75%
- Environmental 75%
- Trend 50%
- Control Effectiveness 50%
- Schedule 10%
- Quality 10%
- Communications 10%
ISO 31000 explains that risk criteria should be tailored to the organiztion, and tailored to the context of each risk management practice and process. Risk criteria may include qualitative and quantitative dimensions, and therefore may include information that varies between organizational levels, domains and practices.
- Risk is the effect of uncertainty on objectives, ISO 31000:2009
- Objectives can be of any type, any measure
- Risk criteria are the terms in which significance of risk is expressed
- Level of Risk is the magnitude of a risk, or combination of risks, expressed in terms of the combination of consequences and their likelihood
Risk Assessment can consist of any qualitative or quantitative criteria, including frequencies of events or probabilities of outcomes. Scenarios could be developed and used for what-if analysis, and calulated if the criteria are expressed in quantitative terms. Weighing up scenarios against each other forms part of the risk evalaution and risk treatment steps and may span all proactices and processes that manage risk. Each of these practices or processes may have risk criteria that were defined in qualitaive and/or quantitative terms, and should be considered when communicating about risk with stakeholders that are not familiar with those terms. The most effctive way to communciate risk to a broad stakeholder group, seems to be quantitative terms.