Risk Management Components

Risk Management Components.

The four main components of any risk assessment are:

  • The Assets

The assets are any items of value to the organisation, such as people, information, and hardware. An asset is fundamentally something with worth—either immediate monetary value or something that ensures the business can run at peak potential or at an agreed-upon acceptable level.

  • Threats

Threats to the asset must be realistic and have an impact on the asset. Identifying a large number of threats is ineffective since many are irrelevant to the asset (e.g. threats to a Microsoft SQL database may not be applicable to an Oracle Database). Threats that are irrelevant will undermine the risk assessment’s credibility.

  • Vulnerabilities

The threats may be important, but if the infrastructure is not vulnerable (e.g., it has the necessary fixes in place to handle the danger) and/or it does not operate in an environment that the threats may access, the threat’s viability is decreased. These are the vulnerabilities.

  • Impact

The impact on business is an important metric. If a danger can threaten an asset but has little or no effect on the business’s operation or value, it should not be considered a risk. It should be noted that all of these components must be monitored to ensure that any changes are noticed and the risk model is changed to account for these changes. Week 4 will go through each of these components in greater depth.


ISO 31000 is a risk management standard.

As previously stated, ISO 31000 is intended for usage by a broad variety of stakeholders, including:

  • people in charge of risk management implementation in their organisation
  • individuals responsible for ensuring that an organisation manages risk
  • people who must conduct a risk assessment to manage risk for the organisation as a whole, within a specific region or activity,
  • and those who must evaluate an organization’s risk management techniques
  • Creators of standards, guidelines, procedures, and codes of practise that outline how risk should be handled (in whole or in part) within the context of these documents

ISO 31000 provides general standards on risk management principles and implementation which may include risk management options.