About Risk Assessment and Business Impact Analysis
Sound Business Continuity Management programs begin with Risk
Assessment. In this context, risk is defined as the possibility of
suffering harm to or loss of the organization’s real and intangible
assets. Risk Assessment is the identification of the major risks and
threats to which an organization’s reputation, business processes,
functions, and assets are exposed. What is the possibility (level of
vulnerability) that a harmful incident (threat) will occur – very likely,
possible, probable, or very unlikely? What will be the impact –
minimal, significant, serious, or catastrophic? The end objective of
Risk Assessment is to manage and control risk by identifying threats,
analyzing the risks, and then implementing cost-effective
countermeasures to avoid, mitigate, or transfer the risks to a third party
through insurance programs. Business Contingency Plans that can be
implemented following a disruptive incident should also be developed.
The broadly based questions that must be asked are:
- What are the threats that may cause a disaster?
- Can we eliminate the risk that a disaster may occur?
- Can we reduce the risk?
- Can we insure against the threat? I.e., buy insurance against
fire, natural disasters, and fraud, and obtain maintenance to
insure against equipment failures.
- What is the cost of eliminating the threat or reducing the level of
risk?
- Can we afford the cost of the controls and countermeasures that
can reduce or eliminate the risk?
Due to technical, financial, time, legal, environmental and sociological
constraints it is not realistic to think that every threat can be
eliminated. On the other hand, risk of catastrophic loss –
consequences that are devastating and likely to mean the end of an
organization – is unacceptable. For this situation the cost of
countermeasures is acceptable and the typical cost/benefit analysis is
unimportant. Organizations should concentrate on the most critical
areas and most probable threats first. Enterprise-wide Business
Continuity Plans should also be in place to deal with the
consequences of incidents that do occur so that they do not escalate
into a full-scale disaster. It is far better to prevent disasters to the extent
possible than to execute a brilliant recovery from a disaster that could
have been prevented.
Business Impact Analysis is the identification of the business
processes and functions that are vital to the survival of the
organization, the adverse impact that would be caused by their loss,
and the period of time by which they must be restored to minimally
acceptable operational levels. The operational and financial impact
caused by the permanent or temporary loss of vital business
processes is assessed. The resources that will be required to restore
the business processes and functions to minimally acceptable
operational levels are also identified. Recovery Time Objectives, the
periods of time within which vital business processes must be
recovered, are determined and ranked by criticality.
Our RiskPAC risk assessment and Business Impact Analysis
software has been created to go well beyond traditional impact
analysis software capabilities to provide the information needed to
effectively identify, measure and manage the risks your organization
faces. The measurement of the impact a disruption of business
functions and computer applications could have on your organization
is important. However, a comprehensive risk prevention program will
also include the identification of risks and the formulation of controls
that can be used to mitigate or eliminate those risks. A complete risk
management program can very well prevent a risk from escalating into
a disruption or disaster, or at least reduce the chance that it will. It is far
better to prevent disasters to the extent possible than it is to execute a
brilliant recovery from a disaster that could have been prevented.
CPACS...The Leading Developer of Business Continuity Planning Software Products
Pomperaug Office Park
Building Two, Suite 103
Southbury, CT 06488 USA
(800) 925-2724 or (203) 431-8720
Fax: (203) 262-9221
info@cpacsweb.com