Risk management consists of an earlier phase of analysis, or assessment, which aims to identify the actual, or residual, risk in terms of probability of occurrence, expected impacts and available controls, and a later phase of management, which aims to identify the further measures needed to bring the risk value below the tolerance threshold, as defined by the organization.
Although the PIA definition mainly results in identifying the impacts to which an organization is subjected, and it should therefore be formally limited to this phase, it is commonly acknowledged that the identification and monitoring of appropriate mitigation measures, formally part of the following management phase, is included in the impact assessment process.
Is PIA only an initial phase of risk management, or also the process for managing the subsequent mitigation measures?
1 Answer