Improve Your Risk Evaluation and Control #1

Identifying new risks and additional controls can provide visible and evident benefits to the organization, but it can initially seem daunting. By following these tips, you can expedite this step and grow your network while enhancing your organization’s defences.

Tip #1 Establish the risk evaluation as a small project

Manage the risk evaluation as a mini-project within the Business Continuity Planning Program with its own scope, objectives, and milestones. Clearly identifying the scope of the risk assessment will make it more manageable and more accurate. Clarify the meaning of key terms that will be used in the risk evaluation. The following are some sample definitions:

  • Risk is the potential for exposure to loss which can be determined by using either qualitative or quantitative measures.
  • Risk Categories are the key headings under which risks of similar types are grouped together. These categories include reputation, strategy, financial, investments, operational infrastructure, business, regulatory compliance, outsourcing, people, technology and knowledge.
  • Risk Control is all methods of reducing the frequency and/or severity of losses including exposure avoidance, loss prevention, loss reduction, segregation of exposure units and non-insurance transfer of risk.

Make sure to exclude certain categories of risk that will be outside of the scope of this evaluation (such as strategic risks).

Your organization’s risk tolerance level must come from senior management, ideally from their corporate risk council or chief risk officer.

Return tomorrow for our next tip…

(For more information on DRI’s professional practices, please read Professional Practice One – Program Initiation and Management, DRII Professional Practices, June 1, 2012, Version 1.)
