Explain the elements of the risk management process Flashcards
5.2
Risk assessment
Risks need to be assessed. May be a one-time thing at the point of acquisition, or might be part of an existing process.
Change control requires a risk assessment before making any change - Continuous change control.
Risk Identification
Risks should be identified
Ad Hoc Assessments
An organisation may not have a formal risk assessment process. A committee will be created and the risk assessment proceeds. Once the assessment is complete the committee is disbanded.
Recurring assessments
The evaluation occurs on standard intervals.
An internal assessment may be performed every three months and a mandated risk assessment.
Qualitative risk assessment
A way to evaluate risk. Will look at individual risk factors. Display visually with traffic light grid or similar method to see an overall risk factor.
ARO
Annualised Rate of Occurrence.
How likely is it that a hurricane will hit?
AV
AV
The value of the asset to the organisation.
Exposure Factor
EF
The percentage of the value lost due to an incident. Losing a quarter of the value is 0.25.
Quantitative risk assessment. SLE?
SLE (Single Loss Expectancy).
Monetary Loss if a single event occurs.
Asset Value (AV) x Exposure Factor (EF) = SLE
ALE
Annualised Loss Expectancy
ARO X SLE = ALE
Impact
What is affected?
Life, Property, Safety, Finance.
Likelihood and Probability
Risk Likelihood
A quantitative measurement of risk. A statistical measurement. Can be based on historical performance.
Risk Appetite
Risk Appetite posture. A broad description of risk-taking deemed acceptable.
Risk tolerance
How much risk a company is willing to tolerate.
Risk register
To document all risks and provide some options or solutions to avoid risks.