Part 3: RAR – Risk Impact and Likelihood Assessment
Surbana Jurong Group
![[BCM] [SJ] [E3] [RAR] [T3] Risk Impact and Likelihood Assessment](https://no-cache.hubspot.com/cta/default/3893111/5c74de4b-6175-489f-b8ae-391054679e44.png)
This chapter presents the Risk Impact and Likelihood Assessment for Surbana Jurong (SJ) as part of the organisation’s overall Risk Assessment and Review (RAR) process.
Building on the identified threats outlined in Part 1: RAR – List of Threats, this section evaluates each risk based on its potential impact across several critical domains, namely: Finance, Operations, Legal and Regulatory, Reputation and Image, Social Responsibility, People, and Assets/IT Systems/Information.
The purpose of this assessment is to determine the severity of each threat if it materialises, combined with the likelihood of its occurrence.
This structured evaluation helps prioritise risks that require immediate mitigation and informs strategic decisions related to business continuity planning, disaster recovery, and operational resilience.
The analysis supports compliance with ISO 22301 Business Continuity Management System (BCMS) standards. It is essential in ensuring SJ's ability to maintain service delivery, safeguard stakeholders, and protect its corporate reputation in the face of various disruptions.
Each threat is scored using a 5-point scale for both impact and likelihood. The resulting risk ratings guide the determination of risk levels—Low, Medium, High, or Critical—and assist in estimating the expected period of disruption.
Here is the "Part 3: RAR - Risk Impact and Likelihood Assessment" table for Surbana Jurong (SJ) based on a standard risk assessment framework.
The threats are assumed based on typical risks for an engineering and infrastructure consultancy firm like SJ (referencing from your Part 1: RAR - List of Threats):
Risk Impact and Likelihood Assessment Table
|
Threat |
Finance |
Operations |
Legal & Regulatory |
Reputation & Image |
Social Responsibility |
People |
Assets / IT Systems / Information |
Risk Impact Area (Highest Score) |
Risk Likelihood |
Risk Rating (Impact × Likelihood) |
Risk Level |
Expected Period of Disruption |
|
Cyberattack on design platforms |
4 |
4 |
3 |
4 |
2 |
3 |
5 |
5 (Assets/IT) |
4 (Likely) |
20 |
High |
3 – 7 days |
|
Pandemics affecting on-site operations |
4 |
5 |
4 |
4 |
5 |
5 |
3 |
5 (Operations/People) |
3 (Possible) |
15 |
Medium |
1 – 2 weeks |
|
Data breach or IP theft |
4 |
3 |
5 |
4 |
2 |
3 |
5 |
5 (Legal & IT) |
3 (Possible) |
15 |
Medium |
1 week |
|
Fire or flood in the data centre |
5 |
4 |
3 |
3 |
2 |
2 |
5 |
5 (IT Systems) |
2 (Unlikely) |
10 |
Low-Med |
3 – 5 days |
|
Regulatory non-compliance (e.g. PDPA, BIM, safety) |
4 |
3 |
5 |
4 |
3 |
2 |
4 |
5 (Legal & Regulatory) |
2 (Unlikely) |
10 |
Low-Med |
1 – 2 days |
|
Project site accident/fatality |
3 |
4 |
4 |
5 |
5 |
5 |
2 |
5 (People) |
3 (Possible) |
15 |
Medium |
1 – 2 weeks |
|
Political instability in overseas projects |
4 |
4 |
4 |
4 |
3 |
3 |
3 |
4 (Finance/Operations) |
2 (Unlikely) |
8 |
Low |
>2 weeks |
|
Contractor/vendor failure |
4 |
5 |
3 |
3 |
3 |
3 |
2 |
5 (Operations) |
3 (Possible) |
15 |
Medium |
3 – 7 days |
|
Industrial espionage |
4 |
2 |
5 |
4 |
2 |
3 |
4 |
5 (Legal & Regulatory) |
2 (Unlikely) |
10 |
Low-Med |
1 week |
|
Environmental/climate disaster (e.g. flooding at the site) |
5 |
5 |
4 |
4 |
5 |
4 |
4 |
5 (Operations & Social Responsibility) |
3 (Possible) |
15 |
Medium |
1 – 2 weeks |
Notes
- Scoring system (1-5) is assumed:
- 1 = Negligible/Remote, 5 = Severe/Certain.
- Risk Rating = Impact × Likelihood.
- Risk Level:
- 1–6 = Low,
- 7–14 = Medium,
- 15–19 = High,
- 20–25 = Critical.
Summing Up ...
The Risk Impact and Likelihood Assessment highlights the varied nature and severity of threats that may affect Surbana Jurong’s operations, both locally and in its overseas projects.
Through this structured evaluation, SJ gains visibility into which risk scenarios pose the most significant threat to its critical business functions and stakeholders.
High-risk areas such as cyberattacks, project site accidents, and vendor failures indicate the need for strengthened controls, improved resilience strategies, and contingency planning.
This chapter serves as a foundation for the next step in the risk management lifecycle—developing and refining targeted risk treatment and mitigation strategies, as documented in Part 4: RAR – Risk Treatment Plan.
By prioritising and addressing these risks proactively, Surbana Jurong enhances its ability to continue delivering engineering and infrastructure services reliably and responsibly, even in times of crisis.
![[BCM] [SJ] [E3] [BIA] MBCO Corporate MBCO](https://no-cache.hubspot.com/cta/default/3893111/24c05d3a-b149-4ca8-98e7-502110252314.png)
![[BCM] [SJ] [BIA] [P&S] Key Product and Services](https://no-cache.hubspot.com/cta/default/3893111/47c328b1-d3ec-4f9f-be8b-daf100414ee0.png)
![[BCM] [SJ] [E3] [RAR] [T1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/9af21487-e3ba-45a9-8eab-daba82e83ad4.png)
![[BCM] [SJ] [E3] [RAR] [T2] Treatment and Control](https://no-cache.hubspot.com/cta/default/3893111/0339c379-e3c2-41db-bc1f-1e3b9cb0032b.png)
![[BCM] [SJ] [E3] [BCS] [T1] Mitigation Strategies and Justification](https://no-cache.hubspot.com/cta/default/3893111/a14be3e6-40db-483e-98b0-0d3aab89c255.png)
![[BCM] [SJ] [E1] [C10] Identifying Critical Business Functions](https://no-cache.hubspot.com/cta/default/3893111/9b78c18e-0123-4ad1-a166-d4e10e688703.png)
![[BCM] [SJ] [E3] [BIA] [DP] [CBF] [1] Project Design and Engineering Services](https://no-cache.hubspot.com/cta/default/3893111/4b1be737-b29a-4b03-8783-0b41e9348916.png)
![[BCM] [SJ] [E3] [BIA] [T1] [CBF] [1] Project Design and Engineering Services](https://no-cache.hubspot.com/cta/default/3893111/638e6794-72ee-4ba8-bc50-76fa3d828437.png)
![[BCM] [SJ] [E3] [BIA] [T2] [CBF] [1] Job Matching and Career Services](https://no-cache.hubspot.com/cta/default/3893111/3a138ac8-44b3-4d72-a619-741c8bd7a252.png)
![[BCM] [SJ] [E3] [BIA] [T3] [CBF] [1] Project Design and Engineering Services](https://no-cache.hubspot.com/cta/default/3893111/e8d09a1d-b9c2-4bfc-a58e-3da5940212e2.png)
![[BCM] [SJ] [E3] [BCS] [T2] [CBF] [1] Recovery Strategies](https://no-cache.hubspot.com/cta/default/3893111/fead7f44-b21b-40cd-a2e5-52ce716c39d5.png)
![[BCM] [SJ [E3] [BCS] [T3] [CBF] [1] Minimum Resources Required during a Disaster](https://no-cache.hubspot.com/cta/default/3893111/17287efc-9c3a-4e36-b5ff-1c5fdcf78762.png)
![[BCM] [SJ] [E3] [PD] [CBF] [1] Project Design and Engineering Services](https://no-cache.hubspot.com/cta/default/3893111/e6dde8d8-1404-4fb7-9c0c-fc70e101040b.png)
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
