Recognising the Sources of Risk
Risk, Threats and Crisis Scenario
Risk
Risk is the potential loss exposure from a threat that disrupts business operations and prevents the organisation from achieving the Minimum Business Continuity Objective (MBCO).
Threat
A Threat is an indication or warning of a probable man-made or natural situation that can disrupt an organisation’s operations or services.
Crisis Scenario
A Crisis Scenario describes a (crisis or disaster) situation that might disrupt the business.
In crisis management planning, a crisis scenario is the equivalent of threats, identified as part of the Risk Analysis and Review phase.
Three Basic Elements of Crisis
The three basic elements of a business crisis are:
- Encountering an increased stress level;
- Having difficulty in finding a resolution, and
- Determining the timing of implementing the solution.
The scenario should include stress indicators or observations. Reference the number of hours worked, safety and quality issues, risks, and legal or regulatory concerns in the crisis scenario.
A clear explanation of how the crisis is affected by increased stress on business operations can help reinforce the feeling of an emergency.
Crisis Events
The events (or occurrences that happen over time) leading up to the crisis can pertain to people or human resources. An example is shown in Appendix 2: Crisis Types.
Finalise Crisis Scenario
When the crisis is clearly defined, and the events leading up to it are known, the organisation can provide an inventory of available resources and the current status of the situation.
They can also create a timeline of the problems that led up to the crisis.
These include actions that have already been taken. Identify the people to contact to take action, including anyone who may be able to assist during the crisis.
You may also want to provide a toolkit of software applications, communication channels, references, or other resources to help crisis responders.
Sources of Risk
The sources of risk (Australian Government, 2012a) may include:
- Biological hazards;
- Civil and political hazards, including civil and political unrest, terrorism, sabotage and hostage-taking;
- Management activities and controls, including deficiencies in areas of non-compliance with internal management systems, legislation, and agreements/contracts;
- Natural hazards and/or disasters; and
- Technological hazards (technology failures).
Elements at Risk
Elements at risk (Australian Government, 2012a) cover the:
- Assets;
- Commercial reputation and goodwill;
- Environment;
- People; and
- Quality of life.
Performance Criteria
In this chapter, the performance criteria describe the performance needed to demonstrate achievement of the “Element of Risk.” The performance criteria are to:
- Establish the organisational context for crisis management;
- Investigate the environment to identify sources of risk, elements at risk and vulnerability;
- Identify and consult crucial relevant personnel, appropriate specialist advisors, and emergency response agencies in determining the sources of risk; and
- Develop emergency sources of the risk register.
Identify Sources of Risk
In the crisis management planning process, the Risk Analysis and Review (RAR) phase focuses on identifying adverse threats and crises affecting organisational assets and on providing risk treatment or crisis strategies for them.
By addressing the major fields of threat exposure, this phase details the risk assessment framework to enable a suitable response.
It identifies the types of crises that could occur in an organisation concerning its weaknesses and limitations.
Identify Crisis Types
Threats, either man-made or natural, are situations or conditions that can cause disruption or crisis to an organisation’s operations or services. Threats are generic. They may or may not have an impact on a given organisation.
For example, an organisation may be immune to a certain threat. Alternatively, a particular threat may not apply to an organisation.
Vulnerability refers to threats pertinent to the organisation concerned.
Risk Analysis is the process of evaluating these threats objectively using quantitative or qualitative methods. These methods usually employ some element of likelihood or uncertainty in their evaluation.
For a start, a scan of the horizon is conducted to categorise potential threats by type and cause.
Categorise Crisis Types
From the sources of risk, these are some of the basic types of crises:
- Natural
- Technological
- Confrontation
- Malevolence
- Organisational Misdeeds
- Skewed Management Values
- Deception
- Management Misconduct
- Workplace Violence
- Rumours
- Lack of Funds
- Natural Factors
Examples of Crisis
Examples of what each business should be prepared to deal with:
- Natural
  - For example, tornadoes, earthquakes, hurricanes, landslides, tsunamis, and floods.
- Technological
  - For example, the breakdown of critical equipment during a crucial business period, corrupted software and events that give rise to technological crises.
- Confrontation
  - For example, boycotts and strikes for indefinite periods. Internal disputes, ineffective communication, and a lack of coordination give rise to confrontational crises, in which employees disobey their superiors by issuing ultimatums and forcing them to accept their demands.
- Malevolence
  - For example, kidnapping the company’s officials and false rumours.
- Organisational Misdeeds
  - Superiors ignore the after-effects of strategies for quick results.
- Skewed Management Values
- Deception
- Management Misconduct
- Workplace Violence
  - For example, beating employees or superiors on office premises.
- Rumours
  - For example, employees spreading factually inaccurate information that tarnishes the organisation's image.
- Lack of Funds
  - For example, a lack of funds can lead to bankruptcy and a liquidity crisis.
Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
Extracted from Recognise the Sources of Risk