


While it might be unreasonable to expect those outside the RISK industry to understand RISK MANAGEMENT, regulators want the Board of directors, senior managers, compliance officers, and employees to UNDERSTAND RISK.

To help you, Comsure has the following key pointers:
  1. Risk – is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
  2. Risk – is the intersection of assets, threats, and vulnerabilities.
  3. Risk – is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets.

Accurately assessing threats and identifying vulnerabilities is critical to understanding the risk to assets.

When conducting a risk assessment, the formula used to determine risk is as follows:

  1. A + T + V = R
  2. Asset + Threat + Vulnerability = Risk.

You must understand the difference between these terms. If you don't, you'll never understand the actual risk to assets.

  1. An asset is what we're trying to protect.

  • Asset – People, property, and information.
  • People may include employees and customers along with other invited persons such as contractors or guests.
  • Property assets consist of both tangible and intangible items that can be assigned a value.
  • Intangible assets include reputation and proprietary information.
  • Information may include databases, software code, critical company records, and many other intangible items.

  2. A threat is what we're trying to protect the asset against.

  • Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.

  3. A vulnerability is a weakness or gap in our protection efforts.

  • Weaknesses or gaps in operations and in a governance, risk and compliance program can be exploited by threats to compromise an asset.

To learn more and find out how Comsure can assist you with your business risk assessments, including AML

Mathew Beale - Chartered FCSI

Principal (Director) - Comsure Compliance Limited, Comsure Technology Limited (the "Comsure Group of Companies")

No 1 Bond Street Chambers, St Helier, Jersey, Channel Islands, JE2 3NP

Direct Tel: +44 (0) 1534 626841 - Mobile Tel: +44 (0) 7797 747 490 - Skype: comsurecompliance -

