Risk Assessment ≠ Risk Analysis

One distinction between "risk management" in the USA and the rest of the world was - and maybe to a degree still is - the different meanings of "anaysis" and "assessment".

For the United States: "Assessment = Analysis"

For the rest: "Assessment = Identification + Analysis + Evaluation"

Aligned with the Intenational Risk Management Principles and Guidelines (ISO 31000)

• Context and Identification are about nailing your risk issues by focusing on their consequences in relation to "the things you value" (objectives).
• Analysis is about premising the likelihood of those consequences (given the effectiveness of current controls).
• Evaluation involves judgment of acceptability.

To help address this issue and add some value to those who may want to consider it, we have developed a risk assessment tool which is aligned with the International Risk Management Standard, easy to use, inexpensive and works on Excel software as old as 1997 - or the most recent version.

The structure of the tool fully aligns with the structure of the ISO 31000 process.

More information on how the Risk Assessment Tool works is available by downloading this pdf.

We are please to make this immediate download available for the SALE price of only US$14.95