Risk Assessment
What is a risk assessment? A risk assessment takes each threat to the organisation’s key processes in turn and assesses the organisation’s current exposure to it. It does this by identifying the controls that prevent the threat occurring or limit its impact, and by making practical recommendations for control improvements.
What is meant by a “threat”? A threat (or hazard) is anything that can go wrong or cause harm, e.g. power loss, theft, explosion, flood, accident, sabotage etc. The impacts of threats materialising vary, but they normally result in direct and indirect financial loss, in some cases reputation/brand damage and even, following severe incidents for which the organisation is unprepared, failure of the organisation to survive.
What is meant by a “risk”? A risk consists of two components:
– the likelihood or probability that a particular threat will materialise
– the impact or consequences that might result
Hence a risk is a measure of how likely a threat is to impact the organisation given the level of control in place to avoid or manage the threat.
What is meant by a “control”? A control is a means by which the likelihood of a threat materialising, or the impact of the threat should it materialise, is reduced. Controls come in many forms but can include fire suppression systems, security access controls, an effective off-site data backup regime, manual workarounds for key processes, use of multiple offices to spread risk etc. Controls need to be cost-effective and appropriate to the risk faced.
Why do I need a risk assessment? A risk assessment is required to understand the threats which could materialise and the impact they would have on the organisation. By then reviewing the controls in place to minimise the impacts of the threats, the current exposure to each threat is understood and control improvements can be implemented or the risks accepted by senior management as deemed appropriate.
When should I conduct a risk assessment? A risk assessment can be conducted at any time but is normally best performed following a Business Impact Analysis, which serves to identify the key processes in the organisation and hence allows the risk assessment to target those key processes.
A risk assessment should also be performed when major organisational changes occur, such as the opening or closure of offices, mergers and acquisitions, the introduction of new processes, product lines or services etc.
How can Teed Business Continuity help? We can assess the risks to your key processes or conduct a targeted risk assessment of your premises or computer facilities and suggest ways of better controlling any unacceptably high risks highlighted. Alternatively we can provide training for your staff so that they can conduct the risk assessments.