What are Risk Sources

What Are Risk Sources

Definition of Risk Sources

• Risk sources are entities, elements, or origins upon which risks arise.
• In risk management, risk sources are factors or elements that can give rise to risks (such as risk causes).
• They are the origins or root causes of risks as a result.
• Understanding risk sources is essential for effective risk assessment and mitigation. 
• A risk source exists as the "host" or "container" where risks manifest.
• So risks arise either in company resources (assets) or in business processes

Assets

• Risks arise in Assets (e.g., physical assets, financial assets, intellectual property, human resources) are not inherently risk sources but rather the targets or subjects of risk.
• Risks arise when threats, vulnerabilities, or hazards interact with these assets.
• A company's data, infrastructure, workforce, or financial resources can be considered risk sources.

Processes

• Risks arise in processes
• Processes are risk sources when they are inefficient, poorly designed, or mismanaged. For instance:
• Business processes prone to human error.
• Operational inefficiencies leading to delays or cost overruns.
• Lack of quality control causing defective products.

By identifying risk sources these sources, organizations can better assess and manage potential risks, ensuring more robust risk mitigation strategies. 

Risk sources when exposed to hazards, threats, or other events, give rise to risks.

Why It Is Important to Know the Sources of Risks

• Correctly identifying the sources of risk allows for a more accurate evaluation and the implementation of appropriate measures.
• Understanding these sources is crucial for effective risk assessment and mitigation.

Risk Sources vs Risk Causes

Definition of Risk Causes

• The factors, actions, or events that trigger a risk scenario or event.
• These are mechanisms or conditions that exploit the risk source, turning potential risks into actualized events.

Hazards

• Hazards are external or internal conditions that could cause harm, such as natural disasters, dangerous substances, or unsafe working environments.
• Hazards are considered direct risk sources, particularly in safety and environmental risk management contexts.

Threats

• Threats are active agents or events that can exploit vulnerabilities to cause harm, such as cyberattacks, fraud, or geopolitical instability.
• They are a primary source of risk, especially in information security and strategic contexts.

How to Manage Risk Sources in Aptien GRC

Tip: It's recommended to have a list of key processes and assets ready for selection.

1. Open the risk register.
2. Select a specific risk.
3. Go to the Details tab.
4. Select risk sources from the list (assets, processes).