To be successful, any risk assessment has to concentrate on the local identifiable issues relating to the business. Before exploring other concerns, concentrate on the most realistic risks and threats that currently exist in the business environment. This can include factors such as:
1) The Nature of the Business.
Risk Management
Fashion To Go Fashion To Go Buy Elite Buying Ideas Buying Tags Cheap Sales Custom Items Daily Corner Daily Item Daily Tags Easy at Home Easy Purchase Ed-Buy Online Elite Market Elite Zone E-Shopping Mall Gift Shopping I-Shopping New Prices New Price Tags Online Grocery Shop for Online Shop In Style Shopping Cart Shopping Day AZ Shopping Cart Brand Sales 24 Hours For Gifts2) Surrounding Area of Facility.
3) The Construction of the Facility.
4) Common Weather Patterns.
5) Technology Dependencies.
OBJECTIVES OF THE RISK ASSESSMENT
During the Risk Assessment, risks to the business will be identified and evaluated. The vulnerability of the business to these risks will be rated. You will also:
1) Identify what prevention practices are being used.
2) Define and implement safeguards to mitigate risks.
3) Conclude the overall risk to the business.
4) Build a case for strategy selections.
Once the assessment is completed, a business can make decisions regarding methods of mitigating risks. By completing a Risk Assessment and Business Impact Analysis, a business can implement the best strategies for Contingency Planning.
RISK ASSESSMENT PROCESS
Despite the prevention practices utilized, potential hazards that are existent and could result in a loss to the business need to be considered. Even though the exact nature of these exposures and their consequences are tough to determine, it is valuable to conduct a risk assessment of all threats that can logically happen.
WHAT SHOULD BE INCLUDED?
All locations and facilities should be included in the risk assessment. Surrounding businesses, local fire, police, and community utilities should also be included in the assessment. Any vendor provided service that is provided to the business should also be evaluated.
STEPS TO FOLLOW
The following steps are necessary for completing a Risk Assessment.
1) Identify Threats/ Risk and Vulnerabilities.
2) Analyze risks and determine vulnerability.
3) Identify mitigation and recovery options.
4) Evaluate and Choose Options.
There are additional steps that need to take place during this process. Some of those actions are:
1) Review Internal Plans and Policies.
2) Meet with Outside Groups.
3) Identify Assets.
4) Conduct an Insurance Review.
ASSESSING YOUR RISK
The process of identifying risks/threats, probability of occurrence, the vulnerability to each risk/threat and the potential impact that could be caused, is necessary to prepare preventative measures and create recovery strategies. Risk identification also provides a number of other advantages including:
1) Exposes previously overlooked vulnerabilities that need to be addressed by plans and procedures.
2) Identifies where preventative measures are lacking or need reevaluated.
3) Can point out the importance of contingency planning to get staff and management on board.
4) Will assist in documenting interdependencies between departments and increase communication between internal groups. Can also point out single points of failures between critical departments.
For the ease of this process, categories of risk should be created to focus the thought process. In the Risk Assessment Survey, the main categories include, Natural Risks, Man-Made (Human) Risks, and Environmental Risks. These are certainly not requirements, and should not be considered to be constraining.
The nature of a risk/threat should be determined, regardless of the type. Factors to consider should include (but not limited to):
1) Geographic Location.
2) Weather Patterns for the Area and Surrounding Areas.
3) Internal Hazards (HVAC, Facility Security, Access, etc).
4) Proximity to Local Response/Support Units.
5) External Hazards (neighboring Highways, Plants, etc).
Potential exposures may be classified as:
1) Natural Threats.
2) Man-made (human) Threats.
3) Environmental Threats.
Other steps in conducting Risk Assessment are to review following points:
1) Probability of Occurrence.
2) Vulnerability to Risk.
3) Potential Impact.
4) Preventative Measures in Place.
5) Insurance Coverage.
6) Past Experiences.
ANALYZING THE RESULTS
Once the Risk Assessment Survey and face to face interviews have been conducted, the next step is to analyze and present the results so that Executive Management can get most use of the data. Analysis can be a time-consuming and tedious process, especially with an enormous amount of data, but it is critical to the RA process.
The analysis will be the foundation for planning recommendations to senior management. The recovery strategies that need to be developed should be based on the findings of the Risk Assessment Survey and interviews, as well as the Business Impact Analysis findings.
FINAL REPORT & PRESENTATION
Begin your final report with an executive overview of the Risk Assessment Project. This will explain the objectives of the project, what was in scope, and what approach was used. Then provide a summary review of potential hazards.
CREATION OF EXECUTIVE REPORT
The findings from the Risk Assessment will form the basis for the final report. The purpose is to provide senior management with enough information to make them comfortable in endorsing the recommending strategies, actions, budgets or to accept the level of risk by not implementing recovery strategies. The report should include graphs, which visually demonstrate the findings. Do not overuse the graphs. Too many graphs and reports can make reviewing the information confusing. Provide graphs for overall information on the departments, financial impact, etc.
The final report should include:
1) Previous Disruption History.
2) Risks & Vulnerabilities.
3) Preventative Measures.
4) Presenting the Results.
5) Next Steps.
The Risk Assessment process is an essential phase of Continuity Planning. The possibility of a disaster impacting a business is unpredictable. The business should implement a comprehensive Continuity Planning Program and develop recovery plans that encompass all critical operations and functions of the business.
Conducting Risk Assessment
Bob Mehta is the owner of USA based Supremus Group LLC and is the contributing author for Supremus Group & is expert in regulatory compliance. For more details visit:
HIPAA Training &
http://www.compliancehome.com
watch cell phone Stuhrling Original Alpine Skeleton Cheap Buy Edgesounds Native Russian Volume 1 Ni Kontakt Buy Best Diamond And 18K White Gold Chandelier
0 comments:
Post a Comment