Risk Identification

(OBJ 5.2)

Risk Identification

• Crucial first step in risk management

• Involves recognizing potential risks that could impact an organization

• Risks can vary from financial and operational to strategic and reputational

• Once risk identification is conducted, we will often follow this up by conducting a business impact analysis and determining some key metrics

• Techniques

  • Brainstorming
  • Checklists
  • Interviews
  • Scenario Analysis

• Organization should consider a wide range of risks, including operational, financial, strategic, and reputational risks

• Goal: Create a comprehensive list of risks based on those events that might prevent the organization from achieving its objectives.

• Once identified, document and analyze risks based on impact and likelihood

Business Impact Analysis (BIA)

• Evaluates effects of disruptions on business functions

• Identifies and prioritizes critical functions and processes

• Assesses impact of risks on functions

• Determines required recovery time for functions

• Key Metrics in BIA

  • Recovery Time Objective (RTO)
    • Maximum acceptable time before the lack of a business function severely impacts the organization
    • Target time for restoring a business process
    • Example:
      • "Before the impact on sales"
      • "Before customer satisfaction goes down severely"
  • Recovery Point Objective (RPO)
    • Maximum acceptable data loss measured in time
    • Point in time data must be restored to resume business operations
    • Example:
      • If an organization has an RPO of 4 hours, it means the business can tolerate a data loss of up to 4 hours.
      • This means their systems need to be backed up at least every 4 hours to meet this objective.
  • Mean Time to Repair (MTTR)
    • Average time to repair a failed component or system
    • Indicator of repair speed and downtime minimization
  • Mean Time Between Failures (MTBF)
    • Average time between system or component failures
    • Measure of reliability
    • A higher MTBF indicates a system that fails less frequently, which can be a sign of a reliable and well-maintained system.
    • Example:
      • A machine braking down 5 times a year means that it has a MTBF of 2.4 Months or roughly 72 days.