[BCM] [TAL] [E3] [RAR] [T3] Risk Impact and Likelihood Assessment

Part 3: RAR – Risk Impact and Likelihood Assessment

In continuation of the Risk Analysis and Review (RAR) process, this chapter presents a structured evaluation of the impact and likelihood of the threats previously identified in Part 1: RAR – List of Threats.

This assessment is a critical component of the Business Continuity Management (BCM) methodology, providing Tripartite Alliance Limited (TAL) with a data-driven approach to prioritise risks and guide resource allocation.

Each threat is analysed across a comprehensive set of impact areas, including:

• Finance
• Operations
• Legal & Regulatory
• Reputation & Image
• Social Responsibility
• People
• Assets / IT Systems / Information

In addition to assigning numerical values to the highest impact across these categories, each threat is also rated by its likelihood of occurrence. These two factors are multiplied to derive a Risk Rating, which is then classified into one of four Risk Levels: Low, Medium, High, or Extreme.

The analysis also considers the expected period of disruption should the risk materialise.

By evaluating threats in this structured manner, TAL can better understand the potential severity of disruptions and focus its risk mitigation and preparedness efforts on those that pose the greatest threat to its mission and operations.

This is the "Part 3: RAR – Risk Impact and Likelihood Assessment" table for Tripartite Alliance Limited (TAL), derived from the threats listed in Part 1 and based on best practices from BCMPedia – Risk Analysis.

Assumptions

• Risk impact scores are rated on a scale of 1 (Low) to 5 (High).
• Likelihood is rated as Rare (1), Unlikely (2), Possible (3), Likely (4), Almost Certain (5).
• Risk Rating = Impact (highest score across categories) × Likelihood.
• Risk Level is derived from the Risk Rating:
  • 1–4: Low
  • 5–9: Medium
  • 10–15: High
  • 16–25: Extreme

Table: Risk Impact and Likelihood Assessment (Tripartite Alliance Limited)

Here is a risk heat map representation for Tripartite Alliance Limited (TAL), based on the Part 3 risk assessment data and mapped onto a standard 5×5 grid using Likelihood (horizontal axis) and Highest Impact (vertical axis).

The coloured regions highlight Low (Green), Medium (Yellow), High (Orange), and Extreme (Red) risk levels.

Risk Heat Map (TAL)

Each risk is plotted according to its Likelihood (1–5) and Highest Impact score (1–5):

css
CopyEdit
Impact ↓\Likelihood → 1    2    3    4    5
       5      [Terrorist]       [Pandemic]     [Network] 
       4      [Labour] [Flood] [Haze] [IT Vendor] [Power]
       3      [Thunderstorm] [Facilities] [Training Delay] [Hardware]
       2      –                       
       1      –                       

Colour coding by Risk Level:

• Green (Low): Risk Rating ≤ 4
• Yellow (Medium): 5 ≤ Rating ≤ 9
• Orange (High): 10 ≤ Rating ≤ 15
• Red (Extreme): Rating ≥ 16

Detailed Plot & Risk Level Summary

Interpretation & Use

• Network Failure occupies the top-right corner (Impact 4 × Likelihood 4 = 16)—categorised as Extreme risk and marked in red, signalling the highest priority for mitigation.
• The high‑risk cluster (orange) includes threats scoring between 12 and 15, many of which—like Cyberattacks, Pandemic, IT Vendor Failure, and Floods—affect critical operations and require robust controls.
• Medium‑risk (yellow) threats are those with moderate combinations of likelihood and impact, warranting monitoring and potentially incremental mitigations.
• No threats fall in the Low/Green zone, confirming that all identified risk scenarios pose at least moderate concern for TAL’s operations.

Next Steps

• Prioritise red and orange threats for immediate action—e.g., strengthen network resilience, cyber defence, and pandemic readiness.

• Review medium‑risk areas periodically, ensuring existing controls remain adequate and adjusting if likelihood or impact changes.
• Update the heat map quarterly or after significant changes—such as new services, building relocations, or regulatory shifts—to reflect evolving risk posture.

Summing Up ...

The risk impact and likelihood assessment conducted in this chapter provides a clear, quantifiable picture of the threat landscape faced by Tripartite Alliance Limited (TAL).

Through a systematic evaluation of each threat’s potential impact across key operational domains and its likelihood of occurrence, this analysis forms the foundation for informed decision-making and prioritisation of risk treatment efforts.

High and extreme risks—such as network failure, cyberattacks, and pandemic outbreaks—demand immediate and proactive mitigation, while medium-level threats require ongoing monitoring and periodic review.

The use of a heat map enables visual identification of risk concentration areas and facilitates leadership engagement in risk governance.

As TAL continues to deliver public value in promoting fair and progressive workplace practices in Singapore, this risk assessment ensures that the organisation remains resilient, responsive, and ready to manage disruptions with agility and confidence.