Assessments and Analysis Flashcards

1
Q

What is a risk assessment?

A

The identification, analysis, and evaluation of uncertainties to objectives and outcomes.

2
Q

What is the objective of a risk assessment?

A

To provide results that inform decision makers of choices available to effectively manage risk.

3
Q

What is the difference between Quantitative and Qualitative risk assessment?

A

Quantitative is computational and relies on probabilities and statistics.

Qualitative is subjective and relies on reasoning; it uses descriptive terms such as major, minor, moderate, likely, unlikely, etc.

4
Q

What is the difference between a …. Risk analysis, Risk evaluation, Risk assessment, and Risk identification?

A

Risk Assessment: Overall and systematic process of evaluating the effects of uncertainty on achieving objectives. Risk assessment includes risk analysis, evaluation, and identification.

Risk Identification: Process for determining what risks are anticipated, and their characteristics, time dependencies, frequencies, duration periods, and possible outcomes.

Risk Analysis: Process to characterize risk, understand the nature of risk, and define the level of risk.

Risk Evaluation: Process of equating the results of risk analysis with risk criteria to determine whether a particular risk level is within an acceptable tolerance or presents a potential opportunity.

5
Q

What benefits and costs should be taken into account during a Cost-Benefit Analysis?

A

Both the Direct and Indirect Costs/Benefits.

Indirect: Loss of productivity, but increase in worker confidence.

6
Q

What is Criticality/Consequence Analysis?

A

A measure of the impact of the risk event relative to achieving the organization's objectives, and of the impact that losing a tangible or intangible asset, activity, or function will have on the operations of the organization and its stakeholders, respectively.

Also defined as: A process designed to systematically identify, evaluate, and rank positive and negative impacts on an organization's stakeholders, assets, services, and activities based on the importance of its mission or function, or the significance of risks on the organization's ability to meet its objectives and expectations.

7
Q

What is Vulnerability/Capability Analysis? What 3 things are looked for?

A

Vulnerability is dependent on the risk control measures deployed to manage a risk event.

Capability is dependent on the adaptability of the entity and its ability to respond to negative events and to take advantage of positive events. Specifically, it is a process for evaluating:

1) Competence, aptitude, and experience of people and the organization.
2) Suitability of Technology
3) Application of process for purposes to determine whether or not the expected output will fall within an acceptable range.

The analysis of both Vulnerabilities and Capabilities evaluates the efficacy of the risk measures in place that will have an effect on the likelihood of a threat or opportunity materializing and on the likelihood and extent of consequences.

8
Q

What is opportunity analysis in terms of a risk assessment?

A

Opportunity analysis typically looks at the potential for change that an organization might undergo to improve its overall results.

9
Q

What does threat analysis consider in terms of a risk assessment?

A

Threat analysis considers impacts, timeframes, and factors that may prevent achievement of objectives.

10
Q

What is impact analysis?

A

Process that identifies and evaluates potential effects of change upon an organization.

11
Q

What is Error Analysis?

A

A consideration of the kind and quantity of error that may occur.

12
Q

What is Sensitivity Analysis?

A

Any systematic technique used to understand how risk estimates and risk-based decisions are dependent on variability and uncertainty in factors contributing to risk.

13
Q

What is a Stress Analysis?

A

Stress tests are a form of simulation used to determine reaction to different situations. Stress tests are also used to gauge how certain stressors will affect an entity.

14
Q

What is a gap analysis? What are the three steps of GAP Analysis?

A

xxx

15
Q

What are the six basic steps in carrying out the risk assessment process?

A

1) Identify and value Assets
2) Identify Threats
3) Determine Vulnerabilities
4) Impact of a loss event
5) Analysis and prioritization
6) Mitigation and baseline approach

16
Q

What 3 factors are included in a cost benefit analysis?

A

1) Cost
2) Reliability (prior deployments)
3) Delay (delay costs to make a system fully operational)

17
Q

What are three risk assessment techniques?

A

1) Heuristic (ad hoc)
2) Inductive (Bottom up; risks identified at beginning of analysis) (May provide incomplete results) (Event trees)
3) Deductive (Logic diagrams) (Top down) (Fault trees)