![[CM] [E3] [Risk Assessment] Risk Impact and Likelihood Assessment](https://no-cache.hubspot.com/cta/default/3893111/6473f3f0-1a3f-4096-9276-628cb639f2c9.png)
Part 3: Risk Impact and Likelihood Assessment for OCBC Bank
Introduction
![[CM] [OCBC] [E3] [RAR] [T3] Risk Impact and Likelihood Assessment](https://no-cache.hubspot.com/cta/default/3893111/242a323d-53ee-4135-b0fb-3b86ce4548c0.png)
In this chapter, we assess the risks identified in Part 1: List of Threats / Crisis Scenarios using the BCM Institute’s RAR (Risk Analysis & Review) framework. The goal is to evaluate both the impact and the likelihood of each threat or crisis scenario, so that OCBC Bank can prioritize its risk treatment efforts.
Following BCMpedia’s Part 3: Risk Impact and Likelihood Assessment methodology, we classify impact across seven areas (finance; operations; legal & regulatory; reputation & image; social responsibility; people; assets/IT/information) and assign numeric scores.
We also assess the probability (likelihood) of each crisis occurring, compute a risk rating, and derive a risk level. Finally, we estimate the expected period of disruption, considering existing controls.
This structured assessment helps OCBC’s BCM (Business Continuity Management) and Crisis Management teams to:
- Identify which risks pose the greatest threat to the bank’s resilience.
- Allocate resources (people, controls) effectively;
- Plan for response and recovery (e.g., how long operations may be disrupted).
Table: Risk Impact and Likelihood Assessment
Here is a sample table using representative crisis types from BCMpedia + hypothetical assessment for OCBC Bank. (You should adjust scores, likelihood, and disruption durations based on OCBC’s internal risk analysis.)
|
Crisis Type |
Type of Crisis Scenario |
Impact – Finance (1–5) |
Impact – Operations (1–5) |
Impact – Legal & Regulatory (1–5) |
Impact – Reputation & Image (1–5) |
Impact – Social Responsibility (1–5) |
Impact – People (1–5) |
Impact – Assets/IT/Information (1–5) |
Risk Impact Area (Highest Numeric Score) |
Risk Likelihood (1–5) |
Risk Rating (Impact × Likelihood) |
Risk Level (Very Low / Low / Medium / High / Very High) |
Expected Period of Disruption (hours/days) |
|
Natural |
Flood |
3 |
3 |
1 |
2 |
1 |
1 |
2 |
3 |
2 |
6 |
Medium |
1–2 days |
|
Natural |
Tropical Storm / Typhoon |
4 |
4 |
1 |
3 |
2 |
2 |
3 |
4 |
2 |
8 |
High |
2–3 days |
|
Technological |
Equipment Failure (e.g., data centre UPS failure) |
4 |
4 |
2 |
3 |
1 |
2 |
5 |
5 |
3 |
15 |
Very High |
1 day |
|
Technological |
IT Failure / Cyberattack |
5 |
4 |
3 |
5 |
1 |
3 |
5 |
4 |
4 |
20 |
Very High |
1–2 days |
|
Confrontation |
Internal strike or boycott |
3 |
4 |
2 |
4 |
1 |
3 |
1 |
4 |
1 |
4 |
Low |
12–24 hours |
|
Malevolence |
Kidnapping of a key executive |
2 |
2 |
3 |
4 |
2 |
5 |
1 |
5 |
1 |
5 |
Low |
days (depending) |
|
Organizational Misconduct |
Management deception/misconduct |
4 |
3 |
4 |
5 |
3 |
2 |
1 |
5 |
1 |
5 |
Low |
days to weeks |
|
Rumours |
Fake news / false rumors harming the brand |
2 |
1 |
1 |
5 |
2 |
1 |
1 |
5 |
3 |
15 |
High |
hours to 1 day |
|
Lack of Funds |
Liquidity crisis/insolvency concern |
5 |
3 |
4 |
5 |
2 |
2 |
1 |
5 |
1 |
5 |
Low |
days to weeks |
In summary, this risk impact and likelihood assessment (Part 3) provides a structured, quantitative way to prioritize crisis scenarios for OCBC Bank.
By mapping each identified threat to its probable impact across multiple domains and combining that with the likelihood of occurrence, OCBC can clearly see which risks demand urgent mitigation, which require monitoring, and which are acceptable given current controls.
Moving forward, OCBC should use the outputs of this analysis to:
- Develop or refine risk treatment plans – For “Very High” and “High” risks (e.g., IT failure, cyberattack, flooding), allocate resources to strengthen controls (e.g., redundant infrastructure, incident response, crisis communications).
- Integrate into BCM and Crisis Management strategies – Ensure that business continuity plans, crisis communication plans, and recovery strategies are aligned with the highest-priority risks.
- Regularly review and update – As OCBC’s operating environment, technology, and threat landscape evolve, this risk assessment should be revisited (e.g., annually or after major incidents).
- Train and test – Use tabletop exercises and simulations for the critical scenarios (especially high-risk risks) to validate assumptions (e.g., expected disruption times) and build organizational readiness.
![[CM] [OCBC] [E3] [RAR] [T1-1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/cc6fdeec-0a2d-4353-a727-210aaed89bdb.png)
![[CM] [OCBC] [E3] [RAR] [T1-2] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/12778e40-a0dd-48d1-bb65-dea921921eb1.png)
![[CM] [OCBC] [E3] [RAR] [T1-2] [Technology] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/f7188ecf-7f44-4e7a-94f5-2b673aebb29c.png)
![[CM] [OCBC] [E3] [RAR] [T2] Treatment and Control](https://no-cache.hubspot.com/cta/default/3893111/34b476a9-fc87-4f78-b447-32152190e449.png)
![[CM] [OCBC] [E3] [CMS] [T1] Crisis Prevention Strategy](https://no-cache.hubspot.com/cta/default/3893111/593b9821-fbe4-43b9-a21e-6a2bf50dd589.png)
![[CM] [OCBC] [E3] [CMS] [T2] Crisis Response Strategy](https://no-cache.hubspot.com/cta/default/3893111/7aaf0c28-abe9-472e-acf8-063212f030c7.png)
![[CM] [OCBC] [E3] [PD] [CS] [1] Mass Casualty Incident](https://no-cache.hubspot.com/cta/default/3893111/395f1f1c-599b-49bd-940f-d2cc417a817e.png)
More Information About Crisis Management Blended/ Hybrid Learning Courses
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
![[BL-CM] [5] Register](https://no-cache.hubspot.com/cta/default/3893111/82024308-16f4-4491-98be-818a882c6286.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
