ABSTRACT

To be effective, the risk assessment process must be accepted as part of the business process of the enterprise. The risk management professional looks to ensure that the analysis and assessment processes support the business objectives or mission of the organization. For years I have been trying to help security and audit professionals understand that security or audit requirements are not what the business needs. There are only business or mission recommendations or solutions. Remember, part of the success of a process is its acceptance by the user community. Trying to mandate requirements to managers can be counterproductive. An effective risk assessment process will search for the business needs of the enterprise

To be successful, the needs of the customer must be identified and met. Every time a risk assessment is to be conducted, the risk management professional must meet with the client to determine what is to be reviewed, what kinds of risk elements are to be examined, and what the client needs as a deliverable or result from the process.