The Differences between Risk Management, Risk Assessment, and Risk Analysis

As consultants, we often hear people use the terms Risk, Risk Management, Risk Assessment, and Risk Analysis to describe a wide variety of things. While this may not be a big deal to most, for those who are tasked with performing that work it can cause confusion and the occasional misunderstanding (due to missed expectations).

While there is some overlap in the actual work that those terms define (e.g. Risk Management and Risk Assessment both include Risk Analysis), there are differences that are worth pointing out.

Risk Management

First, let's start with Risk Management. According to the Marquette University Risk Unit, risk management is the continuing process to identify, analyze, evaluate, and treat loss exposures and to monitor risk control and financial resources in order to mitigate the adverse effects of loss. We typically simplify this a bit and describe it as the Identification, Analysis (or Measurement), Treatment and Monitoring of risk.

Risk Assessment

According to the Open Group, risk assessment includes the processes and technologies that identify, evaluate, and report on risk-related concerns. As stated in NIST 800-30, the risk assessment process is a “key component” of the risk management process. Using the simplified definition of Risk Management above, risk assessment is primarily concerned with the Identification and Analysis phases.

Risk Analysis

Again referencing the Open Group, risk analysis can be considered the evaluation component of the broader risk assessment process, which determines the significance of the identified risk concerns. Simplifying this a bit, we can think of risk analysis as the actual quantification of risk (i.e. calculating the probability and magnitude of loss).

Summary

Figure: Relationship between Risk Management, Risk Assessment and Risk Analysis

Risk Management vs Risk Control

  • Risk management is the process of identifying, analyzing and treating risks.

  • Risk control is a type of risk treatment that involves implementing policies, procedures and automations to reduce risk.

Relationship:
Risk control is a stage of risk management. In other words, risk management uses risk control as one method of treating identified risk.

Table: Risk Management vs Risk Control