Business risk assessment approaches

Most risk management disciplines utilize a risk assessment to identify and prioritize threats, risks and failure scenarios. BCM is no different. Within BCM, a wide variety of risk management processes are used; most identify and prioritize risk using a combination of likelihood (probability) and severity (impact).

Other related topics:

Business Impact Analysis
Approaches to business impact analysis (BIA).
Business risk assessment
Common business evaluations

Recovery point objective
Data loss tolerance.

Recovery time objective
Recovery time after outage.

Business continuity questionnaires
Data collection instrument

In addition to likelihood and severity, another characteristic that may be factored into the prioritization effort is detectibility (will the organization have advance warning of the threat with enough time to react, or is there a control in place to prevent or mitigate this risk?).

An important distinction from other disciplines of managing risks is that BCM-related risk appraisals take into account risk mitigation controls.

Regardless of the process used to prioritize, a data-gathering process must be defined to obtain information regarding likelihood, severity and possibly detectibility. Data can come from a wide variety of sources. Historical research and interviews are two of the more effective data-gathering techniques for the risk appraisal.

Historical research is particularly strong for environmental and man-made threats. However, the likelihood and severity of risks often can be a “gut feel” based on experience and historical precedent. A number of online sources may be used to collect historical information regarding environmental risks.

One-on-one interviews with employees and facilitated group sessions are effective in identifying actual interruptions that have impacted the organization in the past, thus enhancing the reliability of likelihood and severity estimates.

The ultimate responsibility for data validation and the acceptance of conclusions resides with senior management, typically taking the form of a BCM steering committee.

Business risk assessment approaches are varied

Return to Business Competence - Homepage

Enter your E-mail Address
Enter your First Name (optional)

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Newsletter.