Risk assessing is the process of identifying potential risks that could harm an organization. A risk assessment template helps you identify the hazards that could negatively impact your business and the extent of that negative impact. Correctly identifying the risks your business could face could help reduce the severity of any potentially damaging event.
To start, you’ll want to collect information on any threats that could harm your business. Finding this data can be difficult and some of it requires making educated guesses. At the end of the day, it’ll be well worth the investment of your time so that you can determine both the likelihood of the threat occurring and what actions to take to proactively prevent it. Company records, employee recollection of disruptive events, and experiences of competitors can provide useful information during this assessment process. Additionally, media records (both local and national), and National Weather Service historical data can be exceptionally helpful in identifying risk.
We all know what disasters consist of, but do we necessarily understand what categories they fall into? Well, let’s start with the main categories: “man-made” and “natural” disasters.
Unlike natural disasters, the man-made category has 3 sub-categories: deliberate, accidental, and indirect.
To effectively assess potential hazards, you’ll want to qualitatively label each one. For instance you might want to determine that a hurricane has a “medium (M)” chance of occurring, because you are located in Florida. On the other hand, you could say there is a “low (L)” chance that an earthquake will occur. Giving these labels will help when completing the template later on as you analyze the overall hazard rating.
On top of identifying the potential hazards, you will also want to perform a vulnerability assessment to the business assets that may be at risk. This is going to be the same process as above, but replacing potential hazards with the assets that could be lost if these hazards occur. These assets can include:
Once you have defined your business’ most critical assets, your next move will be to analyze them and determine which ones will be the most susceptible to damage from a potential hazard. These vulnerabilities can include flaws in the building construction, security, process systems, and much more. Again, rating these qualitatively (Low, Medium, High risk) will help you remain organized and help you display exactly what you need to when creating your overall hazard rating.
Before you can check this off your things to do, you have one more ingredient to add- the “impact” list. By now you should have a list of potential hazards and a list of assets that could be at risk if any of the above disasters occurred.
Now, what you need to think about is the impact those hazards could have on your assets. This includes casualties, financial loss, property damage, lawsuits, etc. Determine whether any action can be taken to prevent or reduce the potential impact of these scenarios. If you find that many of these potential outcomes are things that you can prepare for before a disaster, you will want to invest some more of your time in creating a mitigation strategy. This is all analyzed in more depth in a business impact analysis.
The ultimate goal is to create an overall hazard rating for your business. What are the risks, how severe (or probable) is it that the risk occurs, and what are the business assets most likely to be impacted by that risk? For instance a hurricane might have a high (H) chance of occurring and a medium-level (m) impact on your property. You will simply label this “H-M” and this is your overall hazard rating. From this you will be able to determine what holds the most risk, giving you an idea of what needs the most attention.
Essentially this can be explained in the formula: risk = likelihood x impact. “A high-level of likelihood” multiplied by “a medium-level of impact” would lead to a medium-high (M-H) risk to your organization. If you feel that quantifying these numbers is better for you, go ahead; it’s all about personal preference.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.