CAF risk identification

The risk identification of the compliance application frame serves to record the existing and latent risks affecting company objectives and sub targets, or the dangers, causes of damage and potential for interfering potential. To this end, all areas of activity are regularly and systematically examined, all risks are recorded and systematized according to areas of monitoring, the nature and extent of the threat as well as the influence on the risks.

The risk identification of operational risks, consisting of operational risks and legal risks, must include all activities, their work equipment and the supporting IT systems. The same applies to the data and information flows serving as a basis for decision-making.

To enable structured risk identification, a process-related approach should be selected in the first step. This ensures a secure system, especially when recording and compiling core processes. The second step is to include cross-process activities.

next