![eBook Cover [BCM] [SHINE] [E4] [2D]](https://no-cache.hubspot.com/cta/default/3893111/b83a94ea-b14e-4251-b109-c78bef103342.png)
Summary for Management Approval
Purpose of RAR Report
This report presents the consolidated results of the Risk Analysis and Review (RAR) conducted for SHINE’s twelve Critical Business Functions.
The Objective is to:
- Identify and validate key threats and vulnerabilities affecting SHINE’s mission-critical services
- Assess the effectiveness of existing controls and treatments
- Evaluate Risk impact and likelihood to determine priority risk areas
- Obtain management approval to accept, mitigate, or further treat identified risks
RAR Structure and Approach
The RAR was conducted using a three-part structured approach, documented in the following reference blogs:
|
RAR Part |
Description |
Reference |
|
Part 1 |
Identification of Threats |
[RAR T1] List of Threats |
|
Part 2 |
Existing Treatment and Control Measures |
[RAR T2] Treatment and Control |
|
Part 3 |
Risk Impact and Likelihood Assessment |
[RAR T3] Risk Impact & Likelihood |
This approach ensures risks are assessed end-to-end, from threat identification through to residual risk evaluation.
![[BCM] [SHINE] [RAR] Report](https://no-cache.hubspot.com/cta/default/3893111/4b663cfa-45ed-4baa-b9da-e63b977bf808.png)
Part 1: RAR - List of Threats
SHINE Children and Youth Services (SHINE) provides vital support to children and youth in Singapore.
To maintain operational continuity during unexpected events, it is essential to identify potential threats that could disrupt services.
Threats may arise from natural disasters, human activities, or internal operational challenges.
Part 1 provides a detailed assessment of threats at both the country and organisational levels to assist in risk management and business continuity planning.
![[BCM] [SHINE] [E4] [RAR] [CR] [T1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/c6061f64-cd7b-4ca3-b279-48615a0e0bf4.png)
The comprehensive identification of threats in this section forms the foundation for subsequent risk analysis, mitigation planning, and recovery strategy development for SHINE’s operations.
Part 2: RAR - Treatment and Control
Part 2 maps each key threat category to the corresponding existing and proposed controls, demonstrating SHINE’s readiness and ongoing efforts to mitigate operational and strategic risks.
![[BCM] [SHINE] [E4] [RAR] [CR] [T2] Treatment and Control](https://no-cache.hubspot.com/cta/default/3893111/b9275a74-99d9-4e05-82c0-7a55470f0252.png)
Effectiveness of Existing Controls (Part 2 – Treatment and Control)
Existing treatments include policies, SOPs, professional guidelines, governance oversight, IT controls, and contractual arrangements.
• Controls are generally adequate, particularly in:
○ Client safeguarding
○ Professional ethics and supervision
○ Governance and compliance reporting
• Opportunities for improvement were identified in:
○ Cross-training and role redundancy
○ Formalisation of backup arrangements
○ Documentation consistency across programmes
Integration between BCM, IT DR, and operational procedures
Part 3: RAR - Risk Impact and Likelihood Assessment
Part 3: RAR – Risk Impact and Likelihood Assessment, builds on the threat identification phase by evaluating each threat in terms of its potential consequences and likelihood of occurrence.
![[BCM] [SHINE] [E4] [RAR] [CR] [T3] Risk Impact and Likelihood Assessment](https://no-cache.hubspot.com/cta/default/3893111/6bb10096-21ee-4aeb-b1f2-e3ff6459ddfd.png)
Risk Impact and Likelihood Assessment (Part 3)
Risks with high impact but lower likelihood are mainly associated with:
○ Prolonged staff unavailability
○ Major IT system outages
○ Loss of critical facilities
Risks with moderate impact and higher likelihood are linked to:
○ Short-term manpower constraints
○ Increased service demand
○ Coordination challenges with partners
Residual risks are assessed as acceptable, subject to continued monitoring and planned improvements.
This structured assessment enables the organisation to systematically prioritise risks and allocate resources efficiently for mitigation and response planning.
Using a standardised scoring methodology across seven key impact areas—Finance, Operations, Legal & Regulatory, Reputation & Image, Social Responsibility, People, and Assets/ IT Systems/ Information — each threat is measured and analysed to determine its overall risk rating and level.
The result is a clear, data-driven foundation for informed decision-making and the strengthening of SHINE’s business continuity and resilience posture.
![[BCM] [SHINE] [E4] [C1] Consolidate and Report Your BCM Program](https://no-cache.hubspot.com/cta/default/3893111/9c45c351-a911-4605-9b1a-15ff2bea98f9.png)
By recognising specific threats arising from Singapore’s environmental, geopolitical, and operational landscape, SHINE can better anticipate risks, assess their potential impact, and prioritise mitigation resources.
This threat profile will support SHINE in developing appropriate recovery strategies, enhancing risk awareness, and reinforcing preparedness across departments.
The following sections will build on this threat landscape to develop tailored risk treatment measures, control activities, and business continuity strategies to safeguard SHINE’s corporate management responsibilities and ensure service delivery under all circumstances.
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
