An Introduction To
Information, Network and Internet Security

Operational Risks

| Risk | Description | Internal / External |
|---|---|---|
| Board Composition | It is essential that a strong board exists, and also that non-executive directors are appointed and have suitable power and oversight | Internal |
| Control Frameworks Risk | Inadequate design or performance of the existing risk management infrastructure | Internal |
| Corporate Governance Risk | Failure of directors to fulfil their personal statutory obligations in managing the organisation | Internal |
| Criminal and Illicit Acts Risk | Loss or damage caused by fraud, theft, wilful neglect, gross negligence, vandalism, sabotage, extortion, etc. | Both |
| Ethics Risk | Damage caused by unethical business practices, including those of associated business partners. Issues include racial and religious discrimination, exploitation of child labour, pollution, environmental and so-called 'green issues', behaviour towards disadvantaged groups, etc. | Both |
| Information Security Risk | Unauthorised disclosure or modification of information, or loss of availability of information, or inappropriate use of information | Both |
| Legal & Regulatory Compliance Risk | Failure to comply with the laws of the countries in which business operations are carried out, or failure to comply with any regulatory, reporting and taxation standards, or failure to comply with contracts, or failure of contracts to protect business interests | External |
| Management Information Risk | Inadequate, inaccurate, incomplete or untimely provision of information to support the management decision-making process | Internal |
| Processing and Behavioural Risk | Problems with service or product delivery caused by failure of internal controls, information systems, employee integrity, or by errors and mistakes, or through weaknesses in operating procedures | Internal |
| Project Management Risk | Failure to plan and manage the resources required for achieving tactical project goals, leading to budget overruns or time overruns or both, or leading to failure to complete the project. Also the technical failure of a project, or the failure to manage the integration aspects with existing parts of the business and the impact that changes can have on business operations | Internal |
| Reputation Risk | The negative effects of public opinion, customer opinion, market reputation and the damage caused to the brand by failure to manage public relations | Both |
| Supply Chain Risk | In most organisations there are a number of component parts that make up the final organisational deliverable. The failure of a single, critical supplier may have an untold effect on the organisation | External |
| Technology Risk | Failure to manage and monitor the performance of technology-related projects, products, services, processes, staff and delivery channels | Internal |

 



The Security Practitioner

An Introduction to Information Security