Risk policy

The risk policy defines how your organization deals with risks.

Roles and Responsibilities

Who is liable for the risk decisions?

Who is responsible for the operation and for limiting the risks?

Causes of risk

A risk cannot exist without impact. If no effect is possible, it is not a risk.

  • Statutory damages: lawsuits or other legal consequences may arise;
  • Financial loss: it costs your company resources, either directly (e.g. fines) or indirectly (e.g. loss of revenue);
  • Operational impact: the operational functions of the company cannot work normally, e.g. a system such as ERP is unavailable;
  • Reputation damage: the reputation of your company name or of your staff is damaged, e.g. by being mentioned in articles or a use case.

Classification

How is a risk graded? By default, there are three levels of risk.

  • High: the survival of your business depends on it;
  • Medium: there is a serious impact on the results of your business;
  • Low: there is a temporary impact that has no lasting impact on the company.

Probability

How likely is it that a risk materializes for your organization?

This can be determined by how difficult the risk is to exploit, or by its frequency within your industry ...

It is important to be nuanced here in order to estimate risks realistically:

  • Certain: the risk has materialized in the organization;
  • Probable: these are also incidents that occur but did not lead to
  • Possible
  • Unlikely
  • Rare

Measures

The specific measures provided in this policy with which the organization must comply.

PS: Please note that for intra muros use a paper version is often more convenient.

Last modified: Thursday, 31 December 2020, 12:44 PM