What are the different types of risk facing my organisation?

The main types of risks to consider are project, operational and strategic risks. These are different and require different documentation and management:

  • Project risks are risks arising from a particular programme or project and should be managed as part of the governance for that activity, regularly reviewed and monitored
  • Operational risks are internal risks and usually are predictable, therefore you can do something to reduce their likelihood and occurrence. You then need to ensure that the management actions are actually implemented and are effective
  • Strategic risks are likely to be the big issues such as reputational risk, or the risk that the organisation may fail to deliver on a major strategic aim. They are also likely to be external events with high impact which you cannot control and therefore you have to consider how you will respond to them if they happen. A good risk assessment process will analyse these risks to get to the root cause and then consider appropriate management responses

Want to discuss further?

Jonathan Orchard


Arlene Clapham

Risk & Assurance Manager

More from this service area?