No risk will necessarily sit within a well defined box. For example, a common 'hazard risk' might be a fire at a key site. But if that affected supply to customers then it could also prove to be an operational risk.
And if people were injured in the incident, there could also be reputational repercussions, bringing in the strategic risk aspects. There might also be a financial risk if the organisation had decided to run the risk of this loss on the balance sheet.
The best way to view risk holistically is to start at the other end - not with the risk but with the result. Looking at all the different factors that might have a major effect on an organisation's profitability and, indeed, survival and then working backwards to the potential causes could lead back to some unexpected elements which had found their way into the 'less important' boxes.
Hopefully, this is an exercise which most risk managers and their advisers will already be undertaking. If not, it might certainly prove an eye-opener for all involved.
