Section 9.83 Risk Identification

Question 1

Risk Identification

Answer 1

■ Crucial first step in risk management which nvolves recognising potential risks that could impact an organization

■ Risks can vary from financial and operational to strategic and reputational

Question 2

Risk Identification

Techniques

Answer 2

● Brainstorming
● Checklists
● Interviews
● Scenario Analysis

■ Organization should consider a wide range of risks, including operational, financial, strategic, and reputational risks

■ Document and analyze risks based on impact and likelihood

Question 3

Business Impact Analysis (BIA)

Answer 3

Process that involves evaluating the potential effects of disruption to an oganisations business functions and processes

■ Identifies and prioritises critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for functions after disruption

Question 4

Key Metrics in Business Impact Analysis

Recovery Time Objective (RTO)

Answer 4

○ Maximum acceptable time before severe impact

○ Target time for restoring a business process

Question 5

Key Metrics in Business Impact Analysis

Mean Time to Repair (MTTR)

Answer 5

○ Average time to repair a failed component or system

○ Indicator of repair speed and downtime minimization

Question 5

Key Metrics in Business Impact Analysis

Recovery Point Objective (RPO)

Answer 5

○ Maximum acceptable data loss measured in time

○ Point in time data must be restored to

Question 6

Key Metrics in Business Impact Analysis

Mean Time Between Failures (MTBF)

Answer 6

○ Average time between system or component failures

○ Measure of reliability