In: Accounting
After you had assigned the “1,” “2,” and “3” risk impact/risk
factor values to the identified risks,
threats, and vulnerabilities, how did you prioritize the “1,” “2,”
and “3” risk elements? What
would you say to executive management about your final recommended
prioritization?
Ques. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What would you say to executive management about your final recommended prioritization?
Ans. Assignment to risk impact/risk factor values from scale of 1 to 3 for identified risks, threats, and vulnerabilities would be classified into 3 parts that are high risk, medium risk, low risk. One would be for high risk, two would be for medium risk, three would be for low risk. Now for sake of explanation we are assuming that there are three projects that have been classified into above risk categorization. High risk project ranked 1 are most risky project but are having most earning potential, medium risk project ranked 2 are having medium risk and earning potential is also mediocre, Low risk project ranked 3 are having low risk and earning potential is also low. Risk elements have been prioritized on basis of strategic risk, compliance risk, operational risk, financial risk, reputational risk. Executive management will be explained about risk factors and returns of each project. My final recommendation on basis of risk prioritization would be take up medium risk (i.e., 2) which will balance the risk as well as provide returns to the company.