Skip over navigation

Case studies

Software

Reference library

About us

News desk

Systems image - folders in an office cabinet

		Service Lines

		Risk management processes

			ERM Process

			Total Risk Profiling

		Risk assurance and communication

		Risk appetite

		Business resilience

		Project risk management

		Workshop facilitation

Services > Risk management processes > Total Risk Profiling

Total Risk Profiling - Process Overview

"A company’s objectives, its internal organization and the environment in which it operates are continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the company is exposed. Since profits are, in part, the reward for successful risk-taking in business, the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it."

This quotation, taken from the UK’s Turnbull Committee guidance on corporate governance, puts the management of risk into the proper context of entrepreneurial business activity. It serves to emphasize both the upside and downside of risk, and the fact that businesses prosper by daring to take calculated risks. Stakeholders want assurance that the risks being taken by business managers are the right ones, and that the managers are maintaining control of the risks they choose to take. Enterprise Risk Management is concerned with the process of understanding and controlling business risks to achieve appropriate rewards, and with clearly demonstrating that the process is working effectively.

In TRP, "Total" refers to the scope of the risk analysis. Ideally, it should cover all types of risk, pure and speculative, in a consistent way. Problems of consolidation and interaction can arise later if operational, strategic, financial, and reputation risks are handled separately by different methods. This often happens, because different experts are used independently by different departments in a company. "Total" does not mean that every risk is identified. Anyone who ignores the residual risk of a completely unexpected event or combination of circumstances is mistaken. The TRP methodology has several features designed to ensure that risk identification is as comprehensive as humanly possible, but it can never guarantee to find all risks.

"Risk Profiling" means plotting the catalogue of assessed risks onto a simple two-dimensional matrix of impact -v- likelihood. A stepped boundary line on this matrix is used to differentiate between tolerable risks and those that need action because they cannot be tolerated under present circumstances. Actions are prioritized according to distance above the boundary line, with the higher loss potentials coming before minor ones. The simplicity of this risk profile is its greatest virtue. The ability to represent the full spectrum of an organization’s risks on a single diagram makes the risk profile a powerful communication tool that satisfies the need for transparency in the risk management process.

Total Risk Profiling in action

Before changes

After changes

Software tools are available to support the risk profiling process, results management and process reporting. Click here for further information on ProfilerLive

Case studies

Risk process development and training »

Embedded risk management »

Introducing a fresh approach to risk mapping »

Articles

Taking full advantage of enterprise-wide risk management »

Practical application of quantitative technique to enterprise risk management »

Defining and managing the cost of risk

Summary sheet download

To print a PDF version of this summary please open the document below.

Risk management processes summary sheet »
(PDF)