John Hampton, who appears to have written way more on the subject of risk management than me, writes about the use of risk categories in this article published in Business Insurance http://www.businessinsurance.com/article/20091101/ISSUE0402/311019993
Mr. Hampton recommends against organizing risks into dozens of categories in favour of a simpler binary approach: those with risk owners and those that cross departmental lines. While I agree with his approach, it is just another valid way of doing it.
I always approached risk categorization much in the same way my old friend Mike Moghrabi used to reply to questions when he worked in a pizza parlour in high school:
Customer: How many slices are there in a medium?
Mike: How many do you want?
And there it is. In reality, like pizzas, there are lots of ways that you can carve up your risks into proper categories – a medium pizza traditionally has 8 slices but could have 16 or 32 or 64, and same goes for categorization.
I’ve observed that too often “consultants” will employ the same risk categories everywhere – I refer to these as the Basel Categories since they are usually the ones that work in banks. For example, market risk, credit risk and liquidity may be risk categories at a bank but should be sub-categories at a property management company or a mining company.
ERM is about using a common language, so pick categories and terms that make sense to your organization and which everyone understands.
Finally, if you get stuck, think about risk categories like a grocery list: meat, bread, produce are the categories, but sub-categories of meat include chicken, pork and beef. Once you get down to details like grain-fed-chicken-breasts, you’ve gone too far.