In today’s dynamic and complex operating environment, non-profit organisations like the Autism Resource Centre (ARC) must proactively manage risks that could disrupt their operations, undermine stakeholder trust, or jeopardise their mission to serve the autism community.
This chapter—Part 3: RAR – Risk Impact and Likelihood Assessment—aims to evaluate and quantify the potential threats facing ARC by analysing their impact across critical dimensions such as finance, operations, legal compliance, reputation, social responsibility, human resources, and IT infrastructure.
Through this structured assessment, each identified threat is systematically measured for its severity of impact and likelihood of occurrence, using a scoring model aligned with industry best practices.
The resulting risk rating and risk level provide ARC with a prioritised understanding of which risks require immediate attention and the potential disruption each could cause.
This analysis serves as the foundation for developing effective treatment plans and resilience strategies in subsequent risk management phases.
|
Threat |
Finance |
Operations |
Legal & Regulatory |
Reputation & Image |
Social Responsibility |
People |
Assets / IT / Info |
Risk Impact Area (Highest Score) |
Risk Likelihood |
Risk Rating |
Risk Level |
Expected Period of Disruption |
|
Cyberattack on ARC’s donor database |
3 |
3 |
4 |
5 |
3 |
2 |
5 |
5 (Assets/IT/Info) |
4 (Likely) |
20 |
High |
2–5 days |
|
Data breach of the beneficiary's personal info |
2 |
3 |
5 |
5 |
4 |
3 |
5 |
5 (Legal/IT/Reputation) |
3 (Possible) |
15 |
Medium-High |
1–3 weeks |
|
Fire in the ARC premises |
4 |
5 |
3 |
4 |
4 |
4 |
4 |
5 (Operations) |
2 (Unlikely) |
10 |
Medium |
2–4 weeks |
|
Pandemic outbreak affecting staff/clients |
4 |
5 |
3 |
4 |
5 |
5 |
3 |
5 (People/Operations) |
3 (Possible) |
15 |
Medium-High |
1–2 months |
|
Reputational damage due to staff conduct |
2 |
2 |
3 |
5 |
4 |
3 |
2 |
5 (Reputation) |
3 (Possible) |
15 |
Medium-High |
1–2 weeks |
|
IT system failed during service delivery |
3 |
4 |
2 |
3 |
2 |
2 |
5 |
5 (IT/Operations) |
4 (Likely) |
20 |
High |
1–3 days |
|
Non-compliance with PDPA / legal breach |
3 |
2 |
5 |
4 |
3 |
2 |
3 |
5 (Legal & Regulatory) |
2 (Unlikely) |
10 |
Medium |
2–4 weeks |
|
Loss of critical donor funding |
5 |
3 |
2 |
4 |
4 |
2 |
2 |
5 (Finance) |
2 (Unlikely) |
10 |
Medium |
1–2 months |
|
Disruption from external vendor failure |
3 |
4 |
2 |
3 |
3 |
2 |
3 |
4 (Operations) |
3 (Possible) |
12 |
Medium |
3–5 days |
|
Physical security threat/intruder |
2 |
3 |
3 |
4 |
3 |
4 |
2 |
4 (People) |
2 (Unlikely) |
8 |
Low-Medium |
1–3 days |
The risk impact and likelihood assessment provides ARC with a comprehensive overview of its threat landscape and the potential consequences of inaction.
High-risk scenarios such as cyberattacks, data breaches, and pandemic-related disruptions highlight critical vulnerabilities in ARC’s operational and technological domains.
Meanwhile, medium-level risks such as compliance failures, reputation incidents, and funding shortfalls underscore the importance of ongoing governance, staff conduct, and donor engagement.
By identifying and quantifying these risks, ARC is better positioned to make informed decisions regarding risk prioritisation, resource allocation, and mitigation planning.
This proactive approach not only strengthens organisational resilience but also safeguards the continuity of vital services delivered to the autism community.
The insights gained from this assessment will directly inform the treatment and control strategies detailed in the following chapters of the risk management framework.
Resilient Support: Implementing Business Continuity Management at Autism Resource Centre (Singapore) |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF 1: Special Education Services (Pathlight School) | ||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
| CBF 3: Vocational Training & Employment Support (E2C) |
||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||