Identifying the Threats & Risks
To achieve the ultimate goal for business continuity management, i.e. business resilience, requires that we understand and treat the threats which could seriously disrupt the “business as usual” state we too often take for granted.
Business resilience ensures that we can not only respond efficiently and effectively to adverse situations, we are also able to reduce unplanned downtime and reduce the likelihood that bad things will occur in the first place.
Teed offers three types of risk management solution; BC Risk Assessment, ICT Risk Assessment and RCSA (risk and control self assessment).
BC Risk Assessment
We can conduct a BC Risk Assessment to identify those threats faced by your organisation which, if they materialised, would cause significant impact. We use a mixture of interviews, workshops and observation to conduct the assessment. The way that you are currently managing the identified threats is analysed and recommended solutions are proposed where risk exposure is uncovered. A clear and concise report is produced for management to make them aware of any risk exposures found and to allow them to decide on how to deal with these. The assessment helps to inform the organisation’s risk management system and corporate risk register where applicable.
ICT Risk Assessment
If your main concern is the potential risk exposure in relation to information and communication technology, then we can conduct an assessment which focuses only on this area rather than the wider business continuity threats.
The wide risk experience of our consultants allows us to explore not just business continuity related risks but also the wider risks faced by the organisation, such as financial and strategic risks. For this we use a technique known as RCSA (risk and control self assessment). RCSA involves running workshops to identify:
- the organisational objectives
- the threats to those objectives being met
- the risk controls used to manage each threat
- the effectiveness of the risk controls (using a red, amber, green (RAG) rating)
- actions to take to move the risk controls to green.
The output from RCSA feeds an ongoing management process which allows the top threats to the organisation to be reported to, and monitored by, the board in line with their corporate governance obligations.