Organizations are subject to threats as a part of everyday operations. Threats emanate both internally and externally and surface in different ways. More recently, major severe weather events, terrorism, and virus epidemics continue to pose as prime threats to organizations. It is important that organizations build Organizational Risk and Threat Profiles to begin the process of targeting attention, resources, and mitigation strategy as part of being more resilient.
Organizations are increasingly seeing the benefits of implementing an integrated risk, threat management approach. An important first step in pursuing integrated risk management is for an organization to develop a risk profile, often referred to as a corporate risk profile. A corporate risk profile addresses elements such as key risk areas (e.g., strategic, operational, project), strengths and weaknesses of the organization, opportunities and threats, risk tolerance levels, and linkages between different levels of risks. A corporate risk profile can be prepared for a specific department, agency, or sector/branch, depending on the scope of its mandate and operations. The challenge is to ensure that risk management is aligned at the various levels of the organization.