Business risk assessment approaches
Most risk management disciplines utilize a risk assessment to identify and prioritize threats, risks and failure scenarios. BCM is no different. Within BCM, a wide variety of risk management processes are used; most identify and prioritize risk using a combination of likelihood (probability) and severity (impact).
In addition to likelihood and severity, another characteristic that may be factored into the prioritization effort is detectability (will the organization have advance warning of the threat with enough time to react, or is there a control in place to prevent or mitigate this risk?).
An important distinction from other risk management disciplines is that BCM-related risk appraisals take risk mitigation controls into account.
Regardless of the process used to prioritize, a data-gathering process must be defined to obtain information regarding likelihood, severity and possibly detectability. Data can come from a wide variety of sources. Historical research and interviews are two of the more effective data-gathering techniques for the risk appraisal.
Historical research is particularly strong for environmental and man-made threats. However, estimates of the likelihood and severity of risks are often a “gut feel” based on experience and historical precedent. A number of online sources may be used to collect historical information regarding environmental risks.
One-on-one interviews with employees and facilitated group sessions are effective in identifying actual interruptions that have impacted the organization in the past, thus enhancing the reliability of likelihood and severity estimates.
The ultimate responsibility for data validation and the acceptance of conclusions resides with senior management, typically in the form of a BCM steering committee.