You may make any reasonable assumptions and limitations of your analysis and review but they must be explicitly stated. These could include existing and historical data and occurrences, additional information and statements about the bank and its operations.
As part of the risk analysis and review process undertaking the following activities :
Identify the main risk and impact categories confronting the organization
For example: financial, operations, regulatory, etc. Devise an appropriate multi-level impact category (VH/ H /M /L/ VL) and state what each of these mean for each of the identified risk categories.
The following provides a probable outcome of such undertaking
| Impact | Remarks | |||||
| Risk | Very High | High | Medium | Low | Very Low | |
| Financial | ||||||
| Operations | ||||||
| Regulatory & Legal | ||||||
Brainstorm and establish a list of probable threats confronting the organization and which could have BC implications. Rank this list via a rating system agreed among your risk team.
The following could be a probable outcome of such an exercise
| Ranking of Threats |
Overall Ranking (Very High, High Medium, Low, Very Low) |
||||||
| Threats | Very High | High | Medium | Low | Very Low | Remarks | |
| Fire | |||||||
| Pandemic | |||||||
From your table established above brainstorm and estimate the probable duration of disruption for each threats. What could you conclude about the threats occurrence to the given organization in terms of duration?
|
|