importance of risk analysis
TRANSCRIPT
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 1/13
Risk Assessment in a project is the most difficult phase of all to carry out. From the definition we gave
elsewhere, a risk is a combination of uncertainty and constraint. Constraints are usually difficult to remove,
though they are important to understand. For instance, a constraint that the project must be finished in time to
reflect a new piece of legislation is easy to understand. Manpower constraints are often more uncertain, such as
the availability of skilled staff at the critical phase of the project. But, you say, you are just defining a constraint
as an uncertainty.
One important step in assessing your project ideas is risk analysis or risk assessment, and the best thing
to do about it is when you comply with the law. This helps you focus on the risks and what matters in your
workplace, especially the ones that can potentially cause harm to your project proposal. We propose a project
and analyzed it with a projection to earn profit, but the question is “how if the project we propose in the
future delivers only losses instead of profit that we expect?” So risk analysis will answer this critical question.
We all know that risk cannot be avoided but it can be decrease the occurrence by applying risk analysis.
Although the law does not expect business owners to totally eliminate all the risks, it pushes them to protect
people from accidents as much as possible. There are various methods that work well with risk management
systems, particularly for more complex risks and circumstances.
A risk assessment is a careful examination of what can possibly cause harm. It makes the owner of the project
aware whether or not he has taken enough precautions and what to do to prevent accidents like losses.
How to assess the risks in your workplace
Follow the five steps in our leaflet: Five steps to risk assessment .
1. Identify the hazards
2. Decide who might be harmed and how
3. Evaluate the risks and decide on precaution
4. Record your findings and implement them
5. Review your assessment and update if necessary
Don’t overcomplicate the process. In many organisations, the risks are well known and the necessary
control measures are easy to apply. You probably already know whether, for example, you have
employees who move heavy loads and so could harm their backs, or where people are most likely to
slip or trip. If so, check that you have taken reasonable precautions to avoid injury.
If you run a small organisation and you are confident you understand what’s involved, you can do the
assessment yourself. You don’t have to be a health and safety expert.
Download the Risk Assessment and Policy Template. This template brings together your risk
assessment, health and safety policy, and record of health and safety arrangements into one document
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 2/13
to help you get started and save time. If you already have a health and safety policy, you may choose
to simply complete the risk assessment part of the template. We also have a number of example risk
assessments to show you what a risk assessment might look like. Choose the example closest to your
own business and use it as a guide for completing the template, adapting it to meet the needs of your
own business.
If you work in a larger organisation, you could ask a health and safety adviser to help you. If you are not
confident, get help from someone who is competent. In all cases, you should make sure that you
involve your staff or their representatives in the process. They will have useful information about how
the work is done that will make your assessment of the risk more thorough and effective. But
remember, you are responsible for seeing that the assessment is carried out properly.
When thinking about your risk assessment, remember:
a hazard is anything that may cause harm, such as chemicals, electricity, working from ladders, an
open drawer, etc; and
the risk is the chance, high or low, that somebody could be harmed by these and other hazards,
together with an indication of how serious the harm could be.
Risk assessment is the process by which businesses and organizations focus on critical areas of concernand prioritize their use of resources in order to maximize response and recovery efforts. In makingstrategic decisions, business and government leaders routinely try to predict the benefits and/or harmthat might be caused by implementing or failing to implement those decisions. The Risk AssessmentMatrix (RAM) can be viewed as a logical extension of that process.
Through this process, companies and agencies:
Identify their most important (critical) processes and functions;
Identify threats most likely to impact those processes and functions;
Determine the vulnerability of critical functions and processes to those threats; and
Prioritize deployment of personnel and resources in order to maintain continuous operation of critical functions and processes.
An accurate risk assessment can reveal operations that are subject to a “single point of failure.”
Implementation of effective prevention measures will eliminate some threats and significantly reducethe impact of others. It has been reported that, for every $1.00 spent on prevention, there is a potentialsavings of $7.00.
Information collected using the RAM model will enable a business or agency to identify:
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 3/13
Functions and processes critical to maintaining continuous operation;
Threats most likely to disrupt those identified, critical functions and processes;
Personnel and expertise required to handle critical incidents that impact the continuity of business
and/or agency operations.
Areas to be considered include:
Company/agency products and services and the facilities and equipment needed to produce them;
Products and services provided by suppliers, especially sole source vendors; and
Lifeline services such as electrical power, water, sewer, gas, telecommunications, and transportation.
Some of the data collected during the RAM process should be shared between public and private entities in
order to facilitate effective public and private response. Ineffective response results in unintended impacts such
as:
Loss of business and tax revenue;
Loss of customer and citizen confidence;
Exposure to litigation;
Bankruptcy; and
Damage to business and community reputation/image.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 4/13
Risk Assessment Matrix: A Flexible Tool
The RAM format is intended for use by private and public organizations of varying sizes and configurations. It is a
concise, user-friendly tool for gathering information to prioritize assets, identify mitigation needs and develop
preparedness, response, and recovery plans.
The six (6) steps in the RAM process are:1. Identify business functions and processes.
2. Rank functions and processes according to criticality.
3. Determine recovery time required to sustain critical functions and processes.
4. Identify threats that impact each critical business function and process.
5. Determine the vulnerability of each critical business function and process.
6. Confirm that appropriate personnel, plans, and resources are in place to respond. If gaps exist, identify
relevant solution areas1 to address shortcomings.
The manner in which the RAM is completed will vary according to circumstances. A small business or agency
may assign one individual to complete the process for the entire organization. A large, multi-divisional
organization (shipping, human resources, operations/manufacturing, etc.) may wish to task an individual in each
division or unit with assessing that part of the operations. Data collected is then used to establish critical
incident response priorities.
Preliminary Information
Before focusing on specific functions, it is important to make sure that everyone in the organization sees the
“big picture.” Those responsible for specific areas need to have a clear understanding of how their areas
contribute to the bottom line of the organization. Corporations and agencies with a well-defined vision, mission
statement and strategic plan are ready to initiate the RAM process. Other groups may need to spend some time
in this area.
Following are the six (6) steps of the RAM model. Within the steps are “values” or explanations. Use the RAM
worksheet to capture pertinent information
2
.
Step One: Identify Functions and Processes
1 Planning, Organization, Facilities, Equipment, Training and Exercising.2 Detailed instructions are printed on the back side of each RAM form. A copy of the RAM is attached to this document.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 5/13
List the separate functions and processes required to create a product or provide a service. Typical business
functions/procedures include:3
Shipping & Receiving Communications
Inventory Production
Service Finance
Human Resources Training
Marketing Facility Management
Sales Information Technology
3 This list is not all-inclusive. Make adjustments as necessary.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 6/13
Step Two: Determine Criticality
Of the business processes listed in Step #1, which are the most critical to the continual operation of the business
or agency? In determining criticality, consider the following:
Does this business function affect the safety of employees or the general public?
How important is this business function to the mission of the agency/business?
How important is this function to the continuity of business operations?
How would a loss or disruption affect the “bottom line?”
The following definitions may be used as a general guide and should be modified to meet the requirements of
each specific process or function:
Critical – necessary and/or vital. May pose a life-safety risk to employees and/or general public.
Essential – important but not critical. Disruption would cause difficulties. Non-Essential – disruption is merely inconvenient.
Step Three: Determine Recovery Time
Determine the recovery time for each critical business function listed in Step #2. In determiningrecovery time, consider the following:
Time from loss or disruption of process to the point when continued disruption or loss is detrimental to
the mission of the business;
Special circumstances that may delay or prevent recovery actions, i.e., designation of an area as a crime
scene or contamination by a dangerous chemical;
Impact on public confidence if response is perceived to be too slow.
In determining recovery time the following guide may be considered:4
Immediate – 0 to 24 hours;
Delayed – 24 hours to 7 days;
Deferred – beyond 7 days.
Step Four: Identify Threats
Identify threats that may halt or disrupt each of the critical business functions identified in Step #3.This will likely require input from public agencies (law enforcement, fire services, emergency medicalservices, public works, local emergency management officials, etc.). Consider those threats that have
4 Each business must determine their appropriate recovery criteria.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 7/13
occurred and those that may be likely to occur. Multiple threats may impact a single function ormultiple functions. In identifying threats consider:
Natural disasters (tornados, floods, severe weather);
Human-caused events (workplace violence, terrorist attack, sabotage, critical information theft);
Facility-related emergencies (hazardous materials, loss of utilities, proximity to other threats);
Asset protection incidents (inadequate systems, untrained personnel);
Information systems difficulties (lack of backup);
Employee-related problems (training, attitude, misconduct/grievances);
Other events and incidents (nearby threats, political activities).
When assessing the various threats it is important to consider:1) What can occur;
2) The damage it is likely to cause.
Step Five: Determine Vulnerability
Determine which of the threats identified above have the greatest likelihood of disrupting or attacking eachcritical business function. When assessing how vulnerable a process or function is to the various threats, it is
important to consider:
1) How likely it is that a threat will occur;
2) How often a threat is likely to occur.
The following descriptions are suggested as a guide:
Highly Vulnerable – business functions that are most likely to experience threat.
Vulnerable – may experience the threat or threat.
Not Vulnerable – not likely to experience the threat or threat.
Step Six: Select Action Plans
Determine if there are appropriate plans5 and resources to address the threats that are most disruptive to the
critical business functions. It is imperative that these plans and capabilities are current and adequate6. If gaps or
shortcomings are discovered, determine:
What do I have and what do I need? Solution areas include:o Planning. o Organization. o Facilities o Equipment. o Training. o Exercising.
Can the issues be addressed using available company personnel and resources or will outside personnel
and/or resources be required of other businesses and/or public organizations?
5 This includes both private, business plans and public, emergency operations plans.6 Plans and resources must be tested regularly by conducting tabletop, functional and full-scale exercises.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 8/13
If solutions require coordination with public agencies, do the businesses and public agencies involved
need to develop or enhance a public-private partnership?
Risk Assessment Matrix Form
A copy of the Risk Assessment Matrix Form is attached. There are further instructions for completingthe RAM on the back side of the document.
Summary
The above process should result in a determination of 1) what is critical to the continual operation of the
business or agency, 2) what is most likely to disrupt those critical business functions, and 3) if there are current
and adequate response plans in place. The process involves determining priorities and allocating resources to
assure continuity of critical operations.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 9/13
Business:Address:
Telephone:
1 Function or Process 2 Crit. 3 Rec. 4 Threat 5 Vul. 6 Action Plan Priority
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 10/13
Form Completed By: Date:
INSTRUCTIONS FOR COMPLETING THE RAM PRIORITY LISTING FORM (See illustration at bottom of form.)
1. List all business functions and processes on
a sheet of paper.
3. Determine recovery time for each function. 5. Determine vulnerability. Establish priority
ranking for follow-up actions.
2. Determine criticality and list the top 1-3
function(s) on the RAM form.
4. Identify threats that impact critical functions. 6. Develop action plan to prioritize
personnel response & resource use.
1 Functions and processes:
Communications
Customer Service
Facility Management
Finance
Human Resources
Information Technology Inventory
Marketing
Production
Sales
Shipping/Receiving
Training
2 Criticality:
C: Critical – Necessary. Life safety risk.
E: Essential – Important, but not immediately
critical. Critical over time.
NE: Non-essential – Merely inconvenient.
3 Recovery Time:
I: Immediate 0 – 24 hrs
Del: Delayed 24 hrs to 7 days
Def : Deferred Over 7 days
4 Threats (Natural/Human-Caused):
Civil disturbance Communications Failure
Earthquake Explosion
Fire
Flood and Flash flood
4 Threats (continued):
Hazardous Materials Incident
Hurricane
Loss of Key Supplier or Customer Severe Winter Storm
Technological Emergency Terrorist Attack
Tornado
5 Vulnerability:
H: Highly Vulnerable – Business function i
highly susceptible to the threat.
V: Vulnerable – Business function is somewha
susceptible to the threat.
NV: Not vulnerable – Business function is no
likely to be affected by the threat.
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 11/13
6 Action Plan:
Planning. Review and update:
Plant Closing Policy Evacuation Plan
Fire Protection Plan
Mutual Aid Agreements
Hazardous Materials Response Plan
Vital Records Protection Plan
Security Procedures
Insurance Programs Employee ManualsOrganization. Review need for:
Emergency Response Team
Emergency Medical Services
Security
Organization (continued):
Emergency Management Group
Evacuation Team
Public Information OfficerFacilities. Determine the need for:
Emergency Operating Center
Media Briefing Area
Shelter Areas
First-Aid Stations
Sanitation Facilities.Equipment. Determine the need for:
Fire Protection/Suppression Equipment
Communications Equipment
First Aid Supplies Emergency Supplies Warning Systems
Emergency Power Equipment
Decontamination EquipmentTraining. Determine need for:
Sessions To Review Procedures Technical Training For ErtExercising. Conduct Regular Exercises:
Tabletop, Functional, and/or Full-Scale
Natural & Human-Caused Scenarios
For more planning guidance, see Emergency
Management Guide for Business and In-
dustry @ http:/ /www.fema.gov /pdf/library/
bizindst.pdf published by the Red Cross.
RAM Illustration
Business:Sample Illustration Address: Sample Illustration
Telephone: Sample Illustration Sample Illustration
1 Function or Process 2 Crit. 3 Rec. 4 Threat 5 Vul. 6 Action Plan Priority
7/31/2019 Importance of Risk Analysis
http://slidepdf.com/reader/full/importance-of-risk-analysis 12/13
Shipping & Receiving C I Equipment failure H Lease agreement 1
Shipping & Receiving C I Fire H Sprinklers; fire inspection; fire response 1
Inventory C I Sole-Source Supplier H Agreement with alternate supplier 1