The Five Layers of Risk

Michael Herrera

The impact of risks can vary widely from whom it affects to when it happens. When evaluating risk, it is easiest to look at them in five distinct layers. The layers range from what affects everyone, including your customers, in Layer 1 down to the processes performed by each individual in Layer 5. Let’s take a look at each Layer:

Layer 1 concerns external risks. These risks can close your business both directly and indirectly. Events such as natural disasters, like flooding and hurricanes, and risks from manufactured objects, such as railroads or airplanes. When these events occur they not only disrupt our own employees but also our customers and suppliers.

Layer 2 examines risks to your local facility. Risks like these can involve one or two buildings to everything at that site. They can be due to the way your office was constructed, results of severe weather, medical emergencies and also include basic service outages such as electrical power and telephone access to your building.

Layer 3 is your data systems organization. Throughout your organization there are computers sharing information and performing other functions. In addition to operations issues, loss of data can lead to legal problems. Data systems deserve their own layer since in most companies, if the computers stop working, so do the people.

Layer 4 is the individual department. Each department has critical functions to perform to meet its production goals and weekly assignments. Each department needs to identify the critical programs and tools needed to perform weekly tasks. These risks may not threaten the company’s primary functions, but over time can severally impact the overall performance.

Layer 5 is your own desk area. If you are unable to complete your tasks and do your job, it may not stop the company from operating, but it does add a lot of unnecessary stress to your life. Typically the risk assessment you perform on your own job will be more detailed, since you know more about it, making it easier for you to take time off and recover from the crisis.

By breaking down the type of crisis in to these five broad layers, you will now be able to plan for the potential crisis and will be able to properly prioritize their solutions.

About
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.