What is the Objective of Risk Evaluation?

The objective of a risk evaluation is to determine the events that can adversely affect an organization and the damage that such events can cause. In this post we cover the approach and what the key findings in each step should be.

A structured approach to risk evaluation involves four steps:

1.     Asset and threat identification

Asset Identification:

    • List and categorize your corporate assets
    • Consider tangible, intangible, and transient assets
    • Ensure you have identified all of your assets

 

Threat Identification:

    • Policies and procedures
    • Manufacturing processes
    • Physical access security
    • Computer systems and networks
    • Marketing and customer interface

 

2.     Quantification of potential losses

    • Use of computer accounts
    • Let marketing assess the cost of finding new customers or restoring a tarnished reputation
    • Explore the effects of stock market valuation
    • Look at recent events in your company and others in your sector

 

3.     Assessment of vulnerabilities

    • Use historical data
    • Make subjective estimates
    • Apply a risk weighting system, then calculate each risk's score and rank the risks from most serious to least: Risk = Impact × Probability

 

4.     Evaluation of solutions

There are many different ways to do this; here is one example:

    • Low probability, Low impact – Accept
    • High probability, Low impact – Manage
    • High probability, High impact – Reduce
    • Low probability, High impact – Plan
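
Steps 3 and 4 applied together to a small risk register, as an added example that is not part of the original post. The 1-5 rating scale, the cut-off of 3 for "high", and the sample risks are assumptions made for illustration.

```python
from dataclasses import dataclass

HIGH = 3  # assumption: a rating of 3 or more on the 1-5 scale counts as "high"

TREATMENT = {  # (high probability?, high impact?) -> response from step 4
    (False, False): "Accept",
    (True, False): "Manage",
    (True, True): "Reduce",
    (False, True): "Plan",
}

@dataclass(frozen=True)
class Risk:
    name: str
    impact: int       # 1 (negligible) .. 5 (severe)
    probability: int  # 1 (rare) .. 5 (almost certain)

    def __post_init__(self):
        # Reject ratings outside the scale so a typo cannot skew the ranking.
        for field in ("impact", "probability"):
            value = getattr(self, field)
            if not 1 <= value <= 5:
                raise ValueError(f"{self.name}: {field} must be 1..5, got {value}")

    @property
    def score(self) -> int:
        return self.impact * self.probability  # Risk = Impact x Probability

    @property
    def treatment(self) -> str:
        return TREATMENT[(self.probability >= HIGH, self.impact >= HIGH)]

def rank(risks):
    """Most serious first; ties broken by impact, then name for stable output."""
    return sorted(risks, key=lambda r: (-r.score, -r.impact, r.name))

# Constructed sample register (not from the original post).
REGISTER = [
    Risk("Data center power loss", impact=5, probability=2),
    Risk("Phishing of staff accounts", impact=4, probability=4),
    Risk("Badge reader outage", impact=2, probability=4),
    Risk("Brochure misprint", impact=1, probability=2),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score:>2}  {r.treatment:<6}  {r.name}")
```

The power-loss and badge-reader entries score close together (10 and 8) yet land in different quadrants, which is why the ranked score and the treatment decision are worth recording side by side.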

 

Though you are not likely to remove all risk in the company, by taking a structured approach to evaluating risk in your organization and concentrating on core business functions, your company will be less likely to fall victim to a damaging risk.

 

About
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud-based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought-after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.