Risk management in the portfolio consists of the following main tasks:
- Identification and classification describes and groups risks according to the portfolio criteria.
- Analysis includes evaluating the probability and impact of risks and prioritizing the risks as a whole as well as drawing conclusions on their criticality.
- Risk management measures attempt to eliminate risks, reduce the possibility of their occurrence or accept risks. The risks can sometimes be transferred to, for example, an insurer.
- Reporting includes a review of the situation of the risk portfolio, an evaluation and revision.
The risk management process may include interconnected processes or cycles at different levels. These may include, for example, the following:
The processes can be scheduled according to the annual calendar or they can start as a result of a certain event. The evaluation and approval by senior leadership must be included as part of the strategy process or annual reporting. For example, the evaluation of an investment project may trigger its risk assessment.
Individual risks are reviewed regularly so that reporting and decision-making in accordance with the cycle is possible. Risks may also be inspected continuously or whenever there is a change in the environment. In this case, the risk is updated and analysed, and the portfolio management process then guides the approval of the change. In this way, the risk portfolio always provides an up-to-date overall image.