Risk Management-Identify, Analyze & draw Mitigation plan, Risk Management-Identify, Analyze & draw Mitigation plan.
Course Description
1. Planning and Prevention (Response-Risk Management)
A risk is any threat that an event or action will adversely affect the business and its objectives. Risk can be defined as the combination of the probability of an event occurring and the consequences if that event does occur. This gives us a simple formula to measure the level of risk in any situation.
Risk = Likelihood x Severity
Risk= Failure probability x damage related to the failure
Risk Management is a process of thinking systematically about all risks or problems before they happen and setting up mitigation plan that will minimize risk for business-as-usual operations.
5 Steps to Risk Assessment
• Identify the Business Risks
• Prioritize them with the help of Risk Priority Number (RPN) Matrix
• Work on Risk Mitigation Plan
• Periodically review Business Risk and RPN
• Record Significant findings if any
Analyze the Risk
• Assess the likelihood of the risk occurring – measuring the probability of occurrence
• Assess the consequence/impact if the risk occurred – measuring the frequency or severity
• The risk then determines whether the risk rating is low, medium, high
Risk Matrix, Example 1
A risk matrix used during risk assessment to define the level of risk by considering the category of probability or likelihood against the category of consequence severity. This is a simple mechanism to increase visibility of risks and assist management decision making
Risk Assessment and Mitigation Plan Template
Instructions:
Step 1: Brainstorm risks.
Step 2: For each risk, assign a High/ Medium/ Low value for both likelihood and Potential impact
Step 3: Develop a mitigation strategy for each High/ High, High/Medium, and Medium/ High risk. Consider developing mitigation strategic for the Medium & High risks.
Risk Treatment
• Acceptance/Retention: If, after controls are in place, the residual risk is demand acceptable. However, plans should be in place to manage/fund the consequences of the risk should it occur.
• Reduction: Implement a strategy that is to reduce the likelihood or consequence of the risk to an acceptable level, where elimination is excessive in terms of time or expense
• Share/Transfer: Implement a strategy that shares or transfers the risk to another party, such as outsourcing the management of physical assets, developing contracts with service providers, or insuring against the risk.
• Avoidance: Deciding not to proceed with the activity that introduce the unacceptable risk, choosing an alternative more acceptable activity that meets business objectives, or choosing an alternative less risky approach or process
