ABSTRACT
This chapter reviews four frameworks that help to identify and prioritize known risks. It discusses the issues that arise in determining cause and effect and outlines the principal strategies available to manage risk. The chapter describes two relevant approaches to cost-benefit analysis. The risk register and the risk review process briefly described in the chapter. The chapter focuses on the detail of the risk-mapping process and subsequent cause-and-controls assessment, because these are both activities central to risk thinking. There are three other recognized components of the process that follow risk mapping. A cause-and-controls assessment sets specific risk improvement objectives for key risks identified in the risk mapping exercise. A corporate risk register provides a documentary summary of all risks requiring attention across the firm and the basis upon which they will be managed. Regular risk reviews allow for the periodic assessment of progress against defined risk management goals at meetings with a specific focus on risk and its management.
