Why is risk assessment important?

Risk is the one element that lurks in the background of all businesses, impacting them in some form or fashion. When defining objectives, it is always important for a business to calculate risk and determine the amount of risk they are willing to accept.

What is a risk assessment?

Risk assessment is a critical element for your credit union.  Since risk is present in all facets of life but especially business, it is important to understand what risks the credit union faces so it better understands how to mitigate that risk.  Risk assessments can be summarized in the following key steps:

1) Define potential risk areas

The first step in the process is to define what the credit union does operationally, then it can begin to highlight potential risks that affect those areas.  This is an important step as it helps cast light on financial, operational and compliance matters. Some common examples of business processes include Lending, Member Shares, Human Resources; Information Technology and Corporate Governance.

2) Development of a qualitative scale

The best way to measure risk is by finding a way to quantify it.  Many credit unions use simple qualitative scales to determine high, medium and low risk values.  These scales can be as simple as high, medium or low, or could incorporate a numerical scale, for example a 1 to 5, with 1 being the lowest, and 5 being the highest risk.

3) Development of factors that influence risk

In a credit union, there are a number of factors that influence risk. Some of these factors include quality of staff; prior audit/regulatory findings; quality of internal controls; reputation risk, cyber risk and regulatory risk.

Since it is not feasible to examine every area of the business, management must diligently work to define what key risks affect the credit union.  The risk assessment is a viable tool for management and the Board of Directors to focus its attention and allocate resources. By taking these measures the management and the Board can define and manage the amount of risk it is willing to accept.