Risk Management Process
Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context.
Identifying Risks: This includes the documentation of the material threats to the organization's achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.
Analysing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization's key performance metrics.
Source: BCAS Publication