[BCM] [CGC] [E3] [RAR] [T3] Risk Impact and Likelihood Assessment

Part 3: RAR – Risk Impact and Likelihood Assessment

In the realm of crisis management and business continuity, effective risk assessment is the cornerstone of strategic preparedness.

This chapter—Part 3: RAR – Risk Impact and Likelihood Assessment—guides practitioners through the systematic evaluation of risks by examining both their potential impact and the likelihood of occurrence.

By quantifying and prioritising risks, organisations gain the clarity needed to allocate resources wisely, strengthen their risk posture, and enhance resilience.

This section introduces key assessment criteria, risk rating matrices, and practical approaches to calibrate and contextualise threats in alignment with organisational objectives and risk appetite.

This is the structured Risk Impact & Likelihood Assessment table for Credit Guarantee Corporation Malaysia, based on threats selected from Part 1: RAR – List of Threats.

Notes on Table Structure

1. Impact Scores range from 1 (Low) to 5 (Very High), per impact area.
2. Risk Impact Area identifies the category with the highest numeric score.
3. Risk Likelihood levels—Low, Medium, High—reflect probability based on historical data and expert judgment.
4. Risk Rating is calculated as the sum of all Impact Area scores multiplied by a Likelihood factor (e.g., 1=Low, 2=Medium, 3=High).
5. Risk Level is determined using thresholds (e.g., 1–9 = Low, 10–17 = Moderate, 18–24 = High, 25+ = Extreme).
6. Expected Period of Disruption indicates a realistic timeframe for business interruption.

What You Can Do Next

• Review & Adjust: Align impact and likelihood scores with CGC Malaysia’s experience, internal data, and expert assessment.
• Customise: Add or remove threats based on local/regional context.
• Validate Thresholds: Ensure Risk Rating thresholds fit your organisation’s risk appetite and governance framework.
• Link Back: Use the detailed guidance at BCMpedia for definitions, scoring advice, and scenario considerations

Summing Up ...

A well-executed Risk Impact and Likelihood Assessment enables organisations to transition from reactive to proactive risk management.

Through structured analysis and scoring, decision-makers can identify which threats demand immediate attention and which require ongoing monitoring.

As demonstrated in this chapter, the RAR process not only informs risk prioritisation but also lays the groundwork for developing effective mitigation strategies and continuity plans.

With a clear understanding of both impact and likelihood, organisations are better equipped to navigate uncertainties and sustain operations in the face of potential disruptions.