Section 9.83 Risk Identification and Analysis Flashcards
Objective 5.2: Explain elements of the risk management process
Risk Identification
■ Crucial first step in risk management which involves recognising potential risks that could impact an organization
■ Risks can vary from financial and operational to strategic and reputational
Risk Identification
Techniques
● Brainstorming
● Checklists
● Interviews
● Scenario Analysis
■ Organizations should consider a wide range of risks, including operational, financial, strategic, and reputational risks
■ Document and analyze risks based on impact and likelihood
Risk Analysis
Business Impact Analysis (BIA)
All businesses have functions and processes that they follow to achieve their objectives
BIA addresses the potential impact of DISRUPTION to those functions and processes.
BIA helps
■ Identify the critical functions/processes
■ Analyse the impact of risks on functions/processes
■ Determine recovery time for functions/processes after disruption
BIA uses 4 key METRICS to help reduce the damage
Key Metrics in Business Impact Analysis
Recovery Time Objective (RTO)
○ Maximum acceptable time before severe impact
○ Target time for restoring a business process
Key Metrics in Business Impact Analysis
Mean Time to Repair (MTTR)
○ Average time to repair a failed component or system
○ Indicator of repair speed and downtime minimization
Key Metrics in Business Impact Analysis
Recovery Point Objective (RPO)
○ Maximum acceptable data loss measured in time
○ Point in time to which data must be restored
Key Metrics in Business Impact Analysis
Mean Time Between Failures (MTBF)
○ Average time between system or component failures
○ Measure of reliability of your systems