Identifying, Assessing and Evaluating Risk Is the Easy Part
Knowing your risks is just the start.
Acting, making informed decisions and taking the desired amount of the right risks, is the point of the spear.
Once you have identified a risk, what are you going to do about it? It’s a lot more than simply saying you are either going to accept, avoid, pursue, reduce or share a risk — the options shared in COSO Enterprise Risk Management (ERM) 2017 report (pdf).
You have options and each carries with it its own set of risks — things…