What is Risk Analysis & Review?
RA is the detailed analysis of risks, vulnerabilities (exposures) and probabilities and is a major component of the risk assessment. The end result of this RAR exercise is not to give organizations an impression that disaster can be avoided.
The RA and the Business Impact Analysis (BIA) are key fundamental elements of an organization’s BCM Program. The RAR is not the “end game” but rather a starting point in the BCM planning process. It is an industry recognized proven approach to help the organization determine what events they are vulnerable to, how these vulnerabilities can be addressed and where they can maximize the value of the dollars they spend on their BCM efforts. The real purpose of a RAR is mitigation or minimizing risks and threats to the people and assets.
Objectives
The objectives of the Risk Analysis and Review are to:
- Identify internal and external threats which may disrupt key organizational processes or operations.
- Estimate the likelihood that threats will materialize based on historical information and judgment of the knowledgeable individual.
- Identify and rank the value, sensitivity, and criticality of assets that could be affected should a threat materialize.
- Estimate the potential losses or damage that could occur if a threat materialized.
- Identify cost-effective actions to mitigate or reduce the risk. These actions can include implementing new policies, procedures, and technical or physical controls.
- Get approval on the recommendation of controls and move forward to BIA.
Tasks
The tasks to complete within the Risk Analysis & Review phase include:
- Identify exposure to internal and external threats and the likelihood of these threats occurring.
- Recommend preventive responses and escalation procedures in conjunction with crisis management implementation.
- Evaluate findings and prepare a status report and recommendation on safety/ prevention (if needed).
Expected Deliverables
The deliverables in a typical RAR phase are:
- Develop a comprehensive risk and threat profile of the organization.
- Provide recommendations for:
- Controls
- Immediate response procedures
- Security Risk Review
to be implemented to minimize the risks.
- Establish Key Disaster Scenario.
- Prepare a summary report of recommendations agreed with the Executive Management.
What Does Risk Analysis & Review Entail?
It is important that the risks and threats to an organization be analyzed and the controls implemented. The major considerations in the RAR process include:
Main Stages for RA Implementation
- Stage 1: Risk Identification
- Stage 2: Risk Analysis
- Stage 3: Risk Evaluation
- Stage 4: Risk Treatment
Reference
Goh, M. H. (2021). Analyzing & Reviewing the Risks for Business Continuity Planning. Business Continuity Management Planning Series (3rd ed.). Singapore: GMH Pte Ltd.
Extracted from "Chapter 3: What is Risk Analysis & Review?"
More Information About Blended Learning BCM-5000 [BL-B-5]
To know more about our blended learning program and when the next course is scheduled, feel free to contact our friendly course consultant colleagues via sales.ap@bcm-institute.org. They are the BL-B-3 Blended Learning BCM-300 ISO22301 BCMS Implementer and the BL-B-5 Blended Learning BCM-5000 ISO22301 BCMS Expert Implementer.
Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org |