There have been many different attempts to classify risks, from the simple to the extremely complex. At the simple end of the spectrum is the basic breakdown of banking risk into credit risk, market risk and operational risk. More complex classification systems are intended for use as the basis of Enterprise Risk Management or other comprehensive risk management exercises.
The rationale for attempting to classify risks is that in order to manage your risks effectively you have to know what they are, and a risk classification system is necessary in order to do this. It can provide a basis for both identification and control, two essential parts of the risk management process.
A comprehensive risk classification system can provide an overall framework for risk identification: simply go through each risk, one by one, and work out where and how it can arise in your organisation. Sometimes there are problems of definition, in that it is not clear exactly how to classify a particular risk that you identify, but having a comprehensive system helps to ensure that you don’t double count any risks.
Control and mitigation can also be helped because risks that are classified in the same way are often susceptible to similar control and mitigation techniques.
The following external links are relevant: