Business Continuity Management | BCM

RAR 1: Overview of Risk Analysis & Review

Written by Moh Heng Goh | Mar 21, 2021 12:32:06 PM

Risk Analysis & Review Phase in the BCM Process

The Risk Analysis & Review (hereafter referred to as RAR) Phase is a significant part of BCM Planning because it is a structured process which assesses a range of factors (assets, threats, vulnerability, risks and controls) and assigns subjective or objective values to each. The RAR phase forges the direction of the overall BC plan.

RAR is the second phase of the BCM planning process. However, it is not uncommon to see other models that position Business Impact Analysis (BIA) before RAR. Although the order is not important in the BCM planning process, it is worthwhile to note that the focus may be different if the BIA is performed before the RAR.

Why Read This RAR Blog Series (Book)?

This RAR Blog Series (Book) will help you to prepare and perform a RAR for your organization. It will cover all the key components of RAR, and every task that has to be undertaken to complete a RAR will be explained in detail. You will learn to:

  • Identify the key components of a typical RAR process
  • Understand the interrelationships among threats and risks as they relate to BC Planning
  • Categorize threats within the organization
  • Tabulate RAR findings
  • Prepare RAR Report
  • Make a presentation to the Executive Management

Jargon

Before we proceed, it is essential to understand some key components, terms and definitions used in this book. Additional terms can be found in BCMPedia.

  • Threat is an indication or warning of a probable man-made or natural situation that can cause disruption to an organization’s operations or services.
  • Risk is a hazard or chance of bad consequence or loss.
  • Risk Analysis is the separation of the whole into parts or elements of which it is composed, detailed examination of those elements, use of cause-and-effect tools for problem identification, examination to determine parts or elements of a situation and statement of examination results.
  • Risk Assessment is to set the amount of damage, loss, or value.
  • Risk Likelihood is the state of being probable or chance of a threat occurring.
  • Risk Impact is an outcome resulting from a threat that will impact an organization’s objectives or assets.
  • Risk Rating is the result of the multiplication of the assigned value for Risk Likelihood against the assigned value of Risk Impact.
  • Risk Treatment is the selection and implementation of appropriate options for dealing with risk.
  • Control is any action, procedure or operation undertaken by an organization to increase the likelihood of containing an identified risk. Controls are countermeasures for vulnerabilities. Controls may be physical or procedural.
  • Residual Risk is the remaining risk which cannot be defined in more detail after elimination or inclusion of all conceivable quantified risks in a risk consideration.

Views of the Author

This is perhaps the most difficult book in the entire BCM series. This is because it overlaps with numerous risk disciplines such as risk management, IT security risk assessment and (physical) security risk management. The scope of this book will focus on the Risk Analysis & Review pertaining to BCM planning, within the larger risk management domain.

Reference

Goh, M. H. (2021). Analyzing & Reviewing the Risks for Business Continuity Planning. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.

Extracted from "Chapter 1: Overview"
