a. Risk assessment
This page is part of the risk services which belongs to the Governance, compliance and risk assessment section of our services that includes: risk assessment (you are here), internal controls, risk management, the risk checklist and why penetration testing fails.
Risk assessment for a particular issue forms the foundation for making a decision about future actions.
Judgment and values enter into risk assessment in the context of what technqiues one should use to bjectively describe and evaluat risk.
By improving risk assessment one helps improve one’s bottom line.
Risk assessment documents assets, vulnerabilities, likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs and estimated probable savings from better protection.
A risk analysis is the process of arriving at a risk assessment, which is also called a “threat and risk assessment.”
A “threat” is a harmful act such as the deployment of a virus or illegal network penetration or bringing printer cartridges loaded with explosives onto a plane (see below).
A “risk” is the expectation that a threat may succeed and the potential damage that can occur.
the value proposition
| 1 | risk assessment | is a scientifically based process comprising four steps: hazard identification, hazard characterization, exposure assessment and risk characterization. |
| 3 | Risk assessment means | the process of analyzing potential losses from a given hazard using a combination of- known information about the situation,- knowledge about the underlying process, and- judgment about the information that is not known or well understood. |
| 3 | Risks that are left untracked | can cause serious damage to the firm (e.g., being part of litigation, product flop or failure in the marketplace) and its efforts to achieve its strategic objectives (e.g., growth, cost management, profitability) |
| 4 | Solution | implement and monitor appropriate control and risk indicators to manage risk mitigation satisfactorily |
| CyTRAP Labs provides clients with tools that facilitate the: | ||
| A | better articulating and documenting of the amount of risk taking that is acceptable to the firm, and | |
| B | more efficient and effective risk management to assure better risk governance | |
When conducting a risk assessment, it is important to define what the goals and objectives are for the risk assessment and what that organization would like to accomplish by conducting one.
Example
Failing to assess risks properly and systematically endangers the firm’s reputation and brand. As well, proper risk management is based on having done a thorough risk assessment:
risk assessment and risk management – Scandinavian Airlines fails to use the six-step process
Early November 2010 the UK government decided to stop all air passengers from carrying printer cartridges larger than 500 grammes in hand luggage. The question is if this interim measure will lower the risk for the threat of a passenger bringing printer cartridges loaded with explosives onto a passenger plane to blow it up whilst being en route?
PS. For logistics companies, terrorism is just another cost of doing business, like stormy seas or dealing with Somali pirates. Indeed, even a new layer of security costs – if governments decide more needs to be done – would be insubstantial next to the big expenses of fuel, capital and labor.
Since everyone would pay, no one would lose out to competitors. Customers might face delays but shippers and freight forwarders are used to rerouting around bottlenecks.
Article source: CyTRAP Labs and ComMetrics: Risk management