Daftar Isi

Risk identification
The purpose of risk identification is to find, identify and describe risks that can help or hinder the organization in achieving its goals. Relevant, adequate and up-to-date information is important in identifying risks. The Company identifies risks regardless of whether the source of the risk can be controlled or not.
Risk Analysis
The purpose of risk analysis is to understand the nature of the risk and its characteristics, including, if possible, the level of risk. Risk analysis involves a detailed consideration of the uncertainties, sources of risk, impacts, possibilities, events, scenarios, controls and the effectiveness of those controls. Risk analysis can be carried out with varying levels of detail and complexity, depending on the purpose of the analysis, the availability and reliability of the information and the availability of resources. Risk analysis provides input for risk evaluation, for decisions on whether risks need treatment and how to treat them, as well as on the most appropriate risk treatment strategies and methods.
Risk Evaluation
The purpose of risk evaluation is to support decision making. Risk evaluation involves comparing the results of risk analysis with the established risk criteria to determine whether additional action is required.

Risk Treatment

The purpose of risk treatment is to select and implement risk treatment options. Risk treatment includes an iterative process of:

Monitoring and Review

The form of monitoring and review consists of:

On going monitoring
The risk owner unit continuously monitors all factors that affect the risk and environmental conditions of the company. If there is a planned organizational change or a changing external environment, changes are most likely to occur in: