Notes for BCM Institute's Course Participants: This is the template for completing the "Part 3: RAR – Risk Impact and Likelihood Assessment."
Building upon the threat scenarios identified in Part 1: RAR – List of Threats, this section evaluates each threat in terms of its potential impact on various critical areas of the organisation, including financial performance, operational continuity, legal and regulatory compliance, reputation, social responsibility, human resources, and technology assets.
By assessing both the severity (impact) and the probability (likelihood) of each threat, the organisation is better positioned to prioritise risks and allocate resources effectively.
This structured approach follows the guidelines provided in BCM Institute’s framework and aligns with industry best practices in business continuity and operational resilience.
The resulting Risk Rating and Risk Level for each threat will inform the development of appropriate mitigation strategies and business continuity measures, ensuring that Boost Bank remains resilient in the face of diverse challenges.
Below is a sample RAR - Risk Impact and Likelihood Assessment Table for Boost Bank Malaysia. The values (e.g., scores, likelihoods) are hypothetical but grounded in best practices and risk management logic.
Table R3: Risk Impact and Likelihood Assessment

| Threat | Impact Area - Finance | Impact Area - Operations | Impact Area - Legal & Regulatory | Impact Area - Reputation & Image | Impact Area - Social Responsibility | Impact Area - People | Impact Area - Assets/IT Systems/Information | Risk Impact Area (Highest Score) | Risk Likelihood | Risk Rating (Impact x Likelihood) | Risk Level | Expected Period of Disruption |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cyberattack (e.g., ransomware) | 4 – High | 4 – High | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Assets/IT Systems/Info) | 4 – Likely | 20 | High | > 5 days |
| System Outage / Downtime | 3 – Moderate | 5 – Very High | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 4 – High | 5 (Operations) | 5 – Very Likely | 25 | High | 1–3 days |
| Data Breach | 4 – High | 3 – Moderate | 5 – Very High | 5 – Very High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Legal & IT) | 3 – Possible | 15 | Medium | 3–5 days |
| Natural Disaster (e.g., flood) | 4 – High | 5 – Very High | 3 – Moderate | 4 – High | 4 – High | 4 – High | 4 – High | 5 (Operations) | 2 – Unlikely | 10 | Medium | > 5 days |
| Insider Threat / Fraud | 4 – High | 3 – Moderate | 4 – High | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Finance/Legal) | 3 – Possible | 12 | Medium | 1–3 days |
| Regulatory Non-Compliance | 2 – Low | 2 – Low | 5 – Very High | 3 – Moderate | 1 – Very Low | 1 – Very Low | 2 – Low | 5 (Legal & Regulatory) | 3 – Possible | 15 | Medium | < 1 day |
| Third-party Service Provider Failure | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Operations/IT) | 4 – Likely | 16 | High | 1–3 days |
| Pandemic / Epidemic | 4 – High | 3 – Moderate | 3 – Moderate | 3 – Moderate | 5 – Very High | 5 – Very High | 3 – Moderate | 5 (People) | 2 – Unlikely | 10 | Medium | > 5 days |
| Power Failure | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 1 – Very Low | 1 – Very Low | 3 – Moderate | 4 (Operations) | 4 – Likely | 16 | High | < 1 day |
| Physical Security Breach | 3 – Moderate | 2 – Low | 3 – Moderate | 2 – Low | 1 – Very Low | 3 – Moderate | 3 – Moderate | 3 (Finance/Legal/People) | 2 – Unlikely | 6 | Low | < 1 day |

The risk impact and likelihood assessment conducted in this chapter provides a comprehensive understanding of the key threats facing Boost Bank Malaysia.
The analysis highlights that cyberattacks, system outages, data breaches, and third-party service failures represent the highest risks to the organisation, given their significant potential to disrupt operations and compromise information security.
By quantifying these risks and identifying their most affected impact areas, Boost Bank can better prioritise its business continuity planning efforts. The results from this assessment will serve as the foundation for developing targeted risk mitigation strategies and continuity measures, as outlined in subsequent sections of the Business Continuity Plan (BCP).
This proactive approach ensures that Boost Bank remains well-prepared to respond effectively to disruptions, maintain regulatory compliance, protect stakeholder interests, and uphold customer trust in a rapidly evolving digital banking environment.
Safeguarding Digital Finance: Boost Bank's Approach to Business Continuity Management
eBook 3: Starting Your BCM Implementation