Risk Impact and Likelihood Assessment (RAR) is a critical component of Business Continuity Management (BCM) as it enables an organisation to systematically identify, analyse, and prioritise risks that may disrupt critical business functions.
For MINDS, whose mission focuses on providing lifelong support, care, education, and community inclusion for persons with intellectual disabilities, disruptions can have direct consequences on service users’ safety, wellbeing, regulatory compliance, and public trust.
This chapter applies the RAR methodology to assess key threats relevant to MINDS’ operating environment. Each threat is evaluated across multiple impact areas, including finance, operations, legal and regulatory obligations, reputation, social responsibility, people, and assets/IT systems.
The assessment considers both severity of impact and likelihood of occurrence, enabling MINDS to determine overall risk ratings, prioritise mitigation strategies, and strengthen organisational resilience.
Table R3: Risk Impact and Likelihood Assessment
|
Threat |
Impact Area - Finance |
Impact Area - Operations |
Impact Area - Legal & Regulatory |
Impact Area - Reputation & Image |
Impact Area - Social Responsibility |
Impact Area - People |
Impact Area - Assets/ IT Systems/ Information |
Risk Impact Area (Highest Numeric Score) |
Risk Likelihood |
Risk Rating |
Risk Level |
Expected Period of Disruption |
|
Pandemic / Infectious Disease Outbreak |
Increased medical, staffing, and contingency costs |
Severe disruption to residential, day care, and training services |
High (MOH / MSF safe management compliance) |
High |
Very High – vulnerable service users affected |
Very High – staff and residents’ health risk |
Moderate (remote systems strain) |
People |
Likely |
Very High |
Extreme |
Weeks to months |
|
Prolonged Power Outage |
Moderate financial loss due to generators and repairs |
Disruption to care routines and facilities |
Moderate (safety obligations) |
Moderate |
High – essential care services interrupted |
High – safety and wellbeing risks |
High – IT and medical equipment affected |
Operations |
Possible |
High |
High |
Hours to days |
|
Cyberattack / Data Breach |
High remediation and potential penalties |
Disruption to administrative and care systems |
High (PDPA non-compliance) |
High |
Moderate |
Moderate – staff workload stress |
Very High – sensitive client data compromised |
Assets / IT Systems |
Possible |
High |
High |
Days to weeks |
|
Manpower Shortage / Industrial Action |
Increased overtime and agency staff costs |
Inability to maintain service levels |
Moderate (service delivery obligations) |
Moderate |
High – care continuity affected |
Very High – staff burnout |
Low |
People |
Likely |
High |
High |
Days to weeks |
|
Fire at Residential or Training Facility |
High repair and relocation costs |
Immediate shutdown of affected facility |
High (fire safety regulations) |
High |
Very High – client safety and welfare |
Very High – injury or loss of life risk |
High – damage to facilities and systems |
People |
Unlikely |
Very High |
High |
Days to months |
|
Flooding / Water Damage |
Moderate repair and replacement costs |
Disruption to centres at ground level |
Moderate |
Moderate |
High – service interruption |
Moderate |
High – equipment damage |
Assets |
Possible |
Medium |
Medium |
Days |
|
Loss of Critical Third-Party Service Provider (e.g. transport, catering) |
Moderate replacement costs |
Disruption to daily routines |
Low |
Moderate |
High – affects service users’ daily needs |
Moderate |
Low |
Operations |
Possible |
Medium |
Medium |
Days |
|
Regulatory Breach / Non-Compliance |
High fines and corrective costs |
Disruption due to investigations |
Very High |
High |
Moderate |
Moderate |
Low |
Legal & Regulatory |
Unlikely |
High |
High |
Weeks |
|
IT System Failure (Core Care / HR / Finance Systems) |
Moderate financial impact |
High operational inefficiency |
Moderate |
Moderate |
Moderate |
Moderate |
Very High – system downtime |
Assets / IT Systems |
Possible |
High |
High |
Hours to days |
|
Reputational Crisis (Negative Media Coverage) |
Loss of donations and funding risk |
Indirect operational impact |
Moderate |
Very High |
High – public trust erosion |
Moderate |
Low |
Reputation & Image |
Possible |
High |
High |
Weeks to months |
The Risk Impact and Likelihood Assessment highlights that people-centric risks, particularly those affecting service users, caregivers, and frontline staff, pose the greatest potential impact to MINDS.
Threats such as pandemics, manpower shortages, facility incidents, and cyber threats carry high to extreme risk levels due to their ability to disrupt essential care services and compromise client safety, data protection, and regulatory compliance.
By understanding the highest-impact areas and expected periods of disruption, MINDS can prioritise risk treatment strategies such as workforce resilience planning, infection control measures, IT system redundancy, third-party contingency arrangements, and crisis communications planning.
This structured RAR forms a vital input into subsequent BCM activities, including risk mitigation, Business Impact Analysis (BIA) alignment, and recovery strategy development, ensuring MINDS remains resilient while continuing to fulfil its social mission.
|
Implementing Business Continuity Management for MINDS:
Ensuring Continuity of Care and Services
|
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||