What is Risk Management?
Risk Management is integral to the efficient operations of any
organisation.
The Australian/New Zealand Standard on Risk Management (AS/NZS
4360:1999) defines Risk Management as:
"the systematic application of management policies, procedures
and practices to the tasks of identifying, analysing, assessing,
treating and monitoring risk"
The main elements of risk management (as described
in AS/NZS 4360:1999) are shown in the figure below:

Risk Assessment in Business Continuity Management
The Risk Assessment phase of Business Continuity Management is
closely aligned with the Business Impact Analysis and involves:
- Identification of the risks to the key resources
(identified within the Business Impact Analysis);
- Assessment of the likelihood of these
risks occurring;
- Analysis of the consequences if these
risks occur;
- Assessment and analysis of risks
to the physical site and facilities.
Once the risks are identified, appropriate Risk Treatments
need to be put in place. Typically, risks can be treated in the following
ways:
- Risk avoidance
An informed decision not to become involved in a risk situation.
- Risk acceptance
An informed decision to accept the likelihood and consequences
of a particular risk.
- Risk transfer
Shifting the responsibility or burden for loss to another
party through legislation, contract, insurance or other means.
Risk transfer can also refer to shifting a physical risk, or
part thereof, elsewhere.
- Risk reduction
A selective application of appropriate techniques and management
principles to reduce either the likelihood of an occurrence or its
consequences, or both (e.g. Business Continuity Plans, Emergency
Response Plans, IT Failover etc.).
- Risk retention
Intentionally or unintentionally retaining the responsibility
for loss or the financial burden of loss within the organisation.