QMS – Procedure Manual
CONTROL STATUS: CONTROLLED COPY
Change History
1. Rev 01 dt 07.02.2022_ New structuring of Document with provision to monitor revisions
2. Rev 02 dt 15.09.2023_ Review date & Next review due date monitoring added in the document
Responsibility:-
Driven by top management
Responsibilities of the risk assessment process are assigned to those parties that can provide meaningful
perspective on relevant risks.
Frequency:-
1. Review of all risks to be done once a year
2. After an organizational incident
3. Introduction or revision of processes, products, infrastructure.
4. In case of changing economic scenario.
Risk assessment process flow:
1. Identify relevant business objectives
2. Identify events that could affect the achievement of objectives
3. Determine risk tolerance
4. Assessment of likelihood and impact of risk
5. Determine risk response after evaluation
6. Assessment of residual impact and likelihood of the risks
1.1 Risk assessment activities shall be initiated for relevant business objectives. These will provide a
basis for subsequently identifying potential risks that could affect the achievement of objectives, and
ensure the resulting risk assessment and management plan is relevant to the critical objectives of the
organization.
1.2 Objectives shall be defined at various levels of the organization (e.g., functional, location,
organization-wide).
1.3 The scope of the risk assessment may focus on objectives that are related to strategy, operations,
compliance, and/or reporting. Once the scope has been agreed and the relevant objectives identified,
it is important to understand how these fit in with the strategy and how much risk the organization is
willing to assume in pursuit of these objectives.
1.4 The focus on business objectives helps ensure relevance and facilitates the integration of risk
assessments across the organization.
2.1 Based on the organization’s objectives, or the objective under consideration, the designated owners
of the risk assessment should develop a preliminary inventory of events that could impact the
achievement of the organization’s objectives or the objective under consideration.
2.2 “Events” refers to prior and potential incidents occurring within or outside the organization that can
have an effect, either positive or negative, upon the achievement of the organization’s stated
objectives or the implementation of its strategy and objectives.
2.3 Various distinctions or categories of common event types can help initiate the identification process. A
review of the external environment helps identify outside events that may have impacted the
organization’s shareholder value in the past or may impact it in the future. Drivers to consider include
economic, social, political, technological, and natural environmental events, which can be identified
through external sources such as media articles, analyst and rating agency reports, and insurance
broker assessments.
2.4 A review of the organization’s internal processes, people, technology, and data also helps identify
further events.
2.5 Customer grievances, customer feedback, health and safety incidents, internal audit results, and key
performance indicators also provide strong inputs for identifying possible events.
2.6 Ensure availability of data for the above.
3.1 Risk tolerance is the acceptable level of variation relative to the achievement of a specific objective,
and should be weighed using the same unit of measure applied to the related objective.
3.2 Risk tolerance considers the relative importance of objectives and aligns with risk appetite.
Risk appetite must be clearly defined and reflected in risk tolerances and risk limits to help ensure that
organizational objectives can be achieved.
3.3 Risk tolerances should be defined for each key risk type. Looking at the tolerances for multiple
objectives such as customer retention and cost containment, management is better able to allocate
resources to ensure reasonable likelihood of achieving outcomes across multiple objectives.
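[Figure: risk map with IMPACT on the vertical axis (Low 1, Medium 2, High 3) and LIKELIHOOD on the horizontal axis (Low, Med, High), both scaled from 1 to 3. The low end is marked ACCEPT and the high end AVOID. A point labelled O1 appears at impact 2.4.]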