The identification and evaluation of risks is a key element in the risk management strategy. A detailed risk audit has to be carefully carried out in order to get a fair and true view of the risks that may threaten the survival of the company and to draw a comprehensive risk mapping, that will serve as an indispensable background to all further actions with regard to risks.

Therefore a rigorous method is needed to define risks appropriately by identifying potential impacts, triggers and accelerators that influence the "value" of a risk:

• INDICATORS point out the impact that a risk can have in various dimensions, assessing each risk with regard to its strategic importance, qualitative and quantitative aspects, duration, etc.
• TRIGGERS are the factors, that can lead to a risk materialising, for example a lack of control or awareness, the quality of evaluation, etc.
• ACCELERATORS are the factors, that influence the extent of the damage and have an effect on the response to risk, among these we can identify the detection time, the dynamics between events, the way a crisis is handled,etc.

Additionally a review of existing measures and processes is necessary to mitigate the identified risks . Once these two intermediate results have been compared, any gap that may exist will be identified and treated with selected measures.

This enables us to model the risks in a qualitative manner and to

• Define priorities
• Outline necessary measures
• Estimate the costs
• Determine the needs for action
• Establish a reporting system

The major concerns of companies are:

• Completeness of risk inventory
• True value calculations for potential impacts
• Accuracy of probability assumptions
• Origins of risks