Assessment

Assessment

Stage two......Risk Assessment

Building a risk assessment framework begins with diagnosing the probability of an occurrence (outage) and the consequences (costs). 

The assessment is likely to identify costs linked to failures, such as loss of cash flow, replacement of equipment, salaries paid to catch up with a backlog of work, loss of profits, and so on. The report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance. Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence.

After risk identification, the organization must evaluative alternatives. There are three fundamental approaches for dealing with risks that are available:

First, risk avoidance and control involves all methods of reducing the frequency and/or severity of losses, including exposure avoidance, loss prevention, loss reduction and segregation of exposed units.

Second, an organization may opt to transfer risk through insurance or other methods.

Third, the organization may decide to accept the risk, effectively self-insuring and dealing with the consequences.

From a practical standpoint, an organization often may opt for multiple mixtures of these alternatives to address and/or mitigate their risk.

Risk assessment is about much more than cost.  It also involves estimating the benefits that can be realized by reducing expected risk.  As is the case with other business investments, the incremental benefit of every dollar invested is an important criterion in enterprise-wide, risk-based business continuity analyses.

On a positive note, risk management benefits organizations in ways that transcend risk recognition and resulting mitigation or acceptance.  The resulting insights are as important as the risk-related results.  Over and above the obvious rationales for risk assessment - achievement of business continuity/resiliency, insurance, regulatory, and stakeholder benefits objectives, there are side benefits. 

Risk assessment shines a bright light on current systems and functions, exposing opportunities for corrections, cost savings, redefinition, updates, modernization of operational processes, and realignment with organizational goals and objectives.  Today, more than ever before, there are significant opportunities for organizations to customize and leverage existing and emerging tools to optimize enterprise-wide risk management. 

Risk Assessment works in tandem with our Recovery Time Objective, Network Impact Analysis and Phase two.