Risk assessment

from Wikipedia, the free encyclopedia

Risk assessment is the assessment of an individual risk or of the overall risk to which the risk taker is exposed, carried out by a risk taker or by a third party.


The existing risks can be subjected to a risk analysis and assessed by the risk bearer (company, state with its subdivisions or private households) or by third parties (Federal Institute for Risk Assessment, Dekra, appraisers, TÜV, insurers or auditors). In a risk assessment, the existing or potential risk is assessed on the one hand with regard to the level of risk and the likelihood of occurrence and on the other hand with regard to its potential impact on the achievement of objectives. Goals are corporate goals for companies, national goals for states and personal goals for private households. In companies, the risk assessment takes place as part of risk management.

Risk management in companies includes risk assessment, risk management and risk communication, with risk assessment being subdivided into the sub-areas of risk identification, risk analysis and risk assessment. Regulation (EC) No. 178/2002 of 28 January 2002 laying down the general principles and requirements of food law, establishing the European Food Safety Authority and laying down procedures in matters of food safety defines risk assessment in Art. 3 No. 11 as "a scientifically substantiated process with the four stages of hazard identification, hazard description, exposure assessment and risk description".

Risk assessment in the broader sense includes assessing whether a risk is acceptable to the risk taker, which depends on the risk-bearing capacity and risk attitude.

Process flow

The risk assessment is preceded by the risk assessment. The risk assessment as the last stage of risk management deals with the evaluation of each individual risk by dividing the risks into risk classes. These represent a graded classification according to the level of risk, which reflects the effects of a risk on the company. The core of the risk assessment is the classification of all risks into low, medium and high risks (see also asset class) with the help of standardized risk measures, whereby the low and medium risks can be classified as acceptable. The reference variable for risk assessment should always be an economic variable such as cash flow or EBIT.

The risk assessment is followed by the risk management. The risk classification thus represents the interface between risk assessment and risk management. It should be noted that the process of risk assessment is decisively shaped by the individual risk perception, because different people have different views of individual risks. In addition, selective perception must be taken into account. Depending on the "risk appetite", the risk taker pursues risk avoidance in the case of risk aversion and is prepared to accept even high risks if he has an affinity for risk. In the case of risk neutrality, the decision is based solely on the mathematical expected value.

If the risk assessment shows that the remaining residual risk is greater than the greatest acceptable risk (limit risk), a further risk reduction must be carried out.


In banking, the risk assessment plays a role in the prior creditworthiness check (risk analysis), which must be carried out for all borrowers (companies, states and their subdivisions, counterparties and private individuals). Financial analyses (such as stock analysis or balance sheet analysis) are also part of the risk analysis. Before a credit decision, the loan documents are examined as to whether the credit risk is acceptable, that is, whether the contractual repayment of the loan from the cash flow of the borrower or guarantor, or from the realization of collateral, does not appear to be at risk. The risk assessment ends with a rating (companies, countries) or credit scoring (private individuals), which condense the business figures derived from company data. Rating / scoring plays a central role as an instrument of risk assessment within the framework of Basel II, because it is suitable for providing the parameters required to determine the credit margin. The risk assessment is also carried out by ratings from rating agencies.


The KonTraG of May 1998 counts risk recording, risk identification, risk assessment, risk management and risk monitoring among the tasks of risk management in insurance. In insurance, the risk assessment precedes the insurance contract. The insurer checks the underwriting risk resulting from the insurance relationship, also in order to determine the insurance premium. Risk here is understood as the uncertain and unavoidable occurrence of a particular loss event that is subject to chance. If an insurance company does not want to assume certain risks after a risk assessment has been carried out, it can include a risk exclusion in the insurance contract.

Risk management

Ultimately, the aim of risk assessment is risk management. If the risks deviate too strongly from the objectives of the risk taker, the risk taker must use instruments to manage the risk, namely, in addition to risk avoidance, alternatively risk reduction, risk diversification, risk transfer or risk prevention. These instruments serve to minimize, spread or diversify existing risks, to transfer them to third parties or to keep them and to hedge them in the balance sheet.
