What is Risk Assessment?
To understand risk assessment, it’s important to get acquainted with some basic terms:
Risk: The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of probability and severity.
Probability: The likelihood or chance that something could happen.
Severity: The extent to which something could happen (measure of how bad/ how good).
Control: Any action taken to manage (reduce) risk and increase the likelihood that the organization’s objectives and goals will be achieved. Management is responsible for planning, organizing, and implementing controls.
Risk Assessment: An analysis of what could go wrong and to what extent.
What happens during Risk Assessment?
Each year, City departments document their critical functions and services and identify key risks and controls for each of those functions/ services. By cataloging this information, the City can better determine which risks could most prevent the organization from achieving its goals and objectives.
The Internal Audit Division assesses and evaluates city-wide risks to determine which areas leave the City open to the greatest exposure. Internal Audit seeks input from the employees, management, Charter Officials, and City Commissioners on possible risks and their potential likelihoods and severities. The results of the assessment are prioritized and used to develop the Audit Schedule on an annual basis, as required by the Institute of Internal Auditors.
The risk assessment process is an ongoing one. Internal and external threats constantly develop, presenting new hazards. Change itself is a risk, and management must continually adapt its policies and procedures to manage its changing risks to a comfortable level.