The Manager’s Guide to Risk Assessment: Getting it Right
About this ebook
Risk assessment is required for just about all business plans or decisions. As a responsible manager, you need to consider threats to your organization’s resilience. But to determine probability and impact – and reduce your risk – can be a daunting task. Guided by Douglas M. Henderson’s The Manager’s Guide to Risk Assessment: Getting It Right, you will confidently follow a clearly explained, step-by-step process to conduct a risk assessment.
As you embark on the risk assessment process, you could not find a better and more uniquely qualified guide than Douglas M. Henderson. His 20+ years of experience with major consulting firms includes certification as a professional actuary and business continuity planner. His actuarial knowledge makes him an expert in applying mathematical and statistical methods to help organizations to assess and manage risks. He has applied this real-world knowledge of risk to helping businesses prepare for emergencies and business interruptions of all types.
Henderson offers samples and checklists, including case studies using a fictional company in which he conducts a complete qualitative risk assessment and then a complete quantitative risk assessment, then arrives at a set of comparable actions. His explanations and sample problems will help you to:
- Define risk management terms, such as threat, event, and risk control.
- Identify threats and determine the worst-case situation your organization could face.
- Collect information on probability for natural and non-natural threats.
- Understand the difference between qualitative and quantitative risk assessment.
- Describe probability and impact levels.
- Identify exposures and examine specific risk controls.
- Estimate a financial value for implementing a risk control.
- Determine when outside professional help is needed.
As an added bonus, Henderson explores the topic of risk controls with you, helping you to evaluate which risk controls will best reduce the probability of disruptive events and reduce their impact should they occur. To ensure the best investment of time and money, you will perform a cost-benefit analysis for each possible risk control to make the best choice for your organization.
Douglas M. Henderson FSA, CBCP
Douglas M. Henderson, President of Disaster Management, Inc., has 20 years of experience in management with major consulting firms. In August of 1992, Doug was the key associate of the Emergency Response Team for a consulting firm located in South Miami-Dade County. Inspired by his real-life business experience with Hurricane Andrew and concerned about the lack of preparation within the business community, Doug founded Disaster Management, Inc. in 1993. Doug has a Degree in Mathematics from the University of Arizona. His professional credentials include FSA – Fellow, Society of Actuaries and CBCP – Certified Business Continuity Professional. Doug is the author of the book Is Your Business Ready for the Next Disaster? and is the author of the Business Continuity Template for Manufacturing and Distribution, the Template for Comprehensive Business Continuity Management, the Continuity of Operations Plan for Colleges and Universities and several other planning templates. Doug is also the co-author of the college textbook Business Continuity and Risk Management: Essentials of Organizational Resilience.
The Manager’s Guide to Risk Assessment - Douglas M. Henderson FSA, CBCP
The Manager’s Guide to Risk Assessment: Getting it Right
A Rothstein Publishing Collection eBook
Douglas M. Henderson
FSA, CBCP
Kristen Noakes-Fry, ABCI, Editor
EPUB ISBN: 978-1-944480-36-3
PDF ISBN: 978-1-944480-37-0
203.740.7400
info@rothstein.com
www.rothstein.com
COPYRIGHT ©2017, Rothstein Associates Inc.
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without express, prior permission of the Publisher.
No responsibility is assumed by the Publisher or Authors for any injury and/or damage to persons or property as a matter of product liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein.
Local laws, standards, regulations, and building codes should always be consulted first before considering any advice offered in this book.
Preface
My primary purpose in this book is to give you an understanding of the practical procedures required to conduct a risk assessment. Your initial goal in a risk assessment is to focus resources to respond to the threats that are most important to your organization. After this is accomplished, you will be able to develop specific procedures to improve organizational resiliency.
Why? What? How? This book begins by explaining why you should spend the time and energy involved with developing a risk assessment and why a basic understanding of risk management is beneficial to an organization. Next, you will explore what a risk assessment entails and the practical application to an individual organization, and then you will be introduced to two alternative approaches to performing a risk assessment. Finally, you will examine various methods to reduce risk.
Chapter 1: Overview of Risk Management
First, you will examine the progression by which ordinary threats become disruptive events to your organization. You will explore risk, risk management, and risk assessment principles and their importance to any well managed organization.
Chapter 2: Threat Identification
After examining threats from multiple perspectives, you will then learn how to determine the most likely specific threats to be analyzed. Essentially, you will be identifying the enemy, which is the first step in dealing with the problem.
Chapter 3: Determining Probability and Impact for Risk Assessment
You will see how to determine the probability of an event materializing and its possible impact upon your organization. Once probability and impact are established, you can determine risk. The chapter also introduces two methods of conducting a risk assessment – a qualitative approach and a quantitative approach. Both approaches are based on the same principles and, when used correctly, both approaches will produce accurate results. The quantitative approach will produce results with more precision than the qualitative approach, but will require some additional effort.
Chapter 4: Qualitative Risk Assessment
You will learn the basic process to conduct a qualitative risk assessment that classifies risks by using little or no mathematics.
Chapter 5: Quantitative Risk Assessment
You will learn the basic process to conduct a quantitative risk assessment that classifies risks by using mathematics.
Chapter 6: Risk Controls: Improving Organization Resiliency
Finally, you will see how to identify and implement risk controls to improve organizational resiliency. Once you have reviewed these principles of risk reduction, you will be ready to select and analyze possible risk reduction measures from a comprehensive list of risk controls.
Appendices
In the appendices, you will find two sample risk assessments; one qualitative risk assessment and one quantitative risk assessment. Each risk assessment is for a sample fictitious company that will provide you with a working example of how a risk assessment is conducted. Essentially, this allows you to apply the principles that you have learned in this book to a realistic situation. It will be a useful guideline when you decide to conduct a risk assessment for your organization.
While this book is directed primarily to managers and executives, you will find it useful if you are a business continuity (or organizational resilience) professional or participating in a professional training course. I am confident that when you complete your readings, you will be sufficiently versed to undertake a risk assessment.
Douglas M. Henderson
Port St Lucie, Florida
February 2017
Table of Contents
Cover
Title Page
Copyright
Preface
Chapter 1: Overview of Risk Management
1.1 What Are Threats, Events, and Disruptive Events – and How Are They Linked?
1.2 What Are Risk, Risk Assessment, and Risk Analysis?
1.2.1 Risk
1.2.2 Risk Assessment
1.2.3 Risk Analysis
1.3 The Big Picture
1.4 Risk Assessment Within BCM
1.4.1 Three Analysis Components in BCM
1.5 Risk Treatment Procedures
1.5.1 Risk Avoidance: Why Not Eliminate Risk Entirely?
1.5.2 Risk Transfer: The Easy Way Out?
1.5.2.1 Insurance
1.5.2.2 Subcontracting
1.5.3 Risk Reduction
1.5.3.1 Physical Risk Controls
1.5.3.2 Procedural Risk Controls
1.5.3.3 Identify Vulnerabilities
1.5.4 Risk Acceptance
1.6 Conducting a Risk Assessment
1.6.1 Assemble a Team
1.6.2 Consider a Consultant
1.6.3 Consider Purchasing Software
1.6.4 Consultant and Software Summary
1.6.5 Develop an Action Plan
1.6.6 Report to Management
Questions for Thought, Review, and Discussion
References
Chapter 2: Threat Identification
2.1 Identifying Threats
2.2 Grouping Threats
2.3 Why Not Cover Just the Most Extreme (Worst Case) Threat?
2.4 Natural Threats
2.4.1 Weather Threats
2.4.2 Seismic
2.4.3 Other Natural Threats
2.5 Man-Made Threats
2.5.1 Internal (Likely Intentional/Security Related)
2.5.2 Internal (Likely Non-Intentional)
2.5.3 External (Likely Intentional)
2.5.4 External (Likely Non-Intentional)
2.5.5 External (Likely Non-Intentional Medical)
2.5.6 External (Likely Non-Intentional Transportation)
2.5.7 External (Likely Non-Intentional Utility)
2.6 Technology Threats
2.6.1 Alternate Site
2.6.2 Communication (External or Internal)
2.6.3 Data Center
2.6.4 Information Management
2.6.5 Information or Cyber Security Management
2.7 Other Threats
2.7.1 Internal
2.7.2 External
Questions for Thought, Review, and Discussion
References
Chapter 3: Determining Probability and Impact for Risk Assessment
3.1 Risk Determination
3.2 Determining Probability
3.2.1 Natural Threats
3.2.2 Non-Natural Threats
3.3 Determining Impact
3.3.1 Disruption of Operations
3.3.2 How Does a Risk Cause Downtime?
3.3.3 When Does a Disruption of Operations Cause a High Impact?
3.3.4 Importance of Risk Controls
3.3.5 Additional Considerations
3.3.5.1 Example #1: Ice Storm
3.3.5.2 Example #2: Hurricane
3.3.5.3 Example #3: Flood
3.3.5.4 Example #4: Oil Spill
3.4 Does the High Probability and High Impact Risk Category Exist?
3.5 Qualitative and Quantitative Risk Assessment
3.5.1 Which Approach Is Better?
Questions for Thought, Review, and Discussion
References
Further Reading
Chapter 4: Qualitative Risk Assessment
4.1 Qualitative Risk Assessment
4.2 How to Use a Risk Matrix for EveryChem, a Sample Organization
4.2.1 Probability for Seven Sample Threats
4.2.2 Impact for Seven Sample Threats
4.2.3 Risk Assessment Using 2X2 Risk Matrix
4.2.4 Recommended Management Action from Risk Assessment
4.3 Limitations of the 2X2 Risk Matrix
4.4 A Second Approach: Using a 3X3 Risk Matrix
4.4.1 Moderate Probability and Impact
4.5 An Example 3X3 Risk Matrix for EveryChem, the Sample Company
4.5.1 Expanded Probability for Seven Sample Threats
4.5.2 Expanded Impact for Seven Sample Threats
4.5.3 Risk Assessment Using 3X3 Risk Matrix
4.5.4 Recommended Management Action from Expanded Risk Assessment
4.5.5 Advantages of 3X3 Risk Matrix
4.6 Can the 3X3 Risk Matrix Be Expanded?
Questions for Thought, Review, and Discussion
References
Chapter 5: Quantitative Risk Assessment
5.1 Quantitative Risk Assessment
5.2 Improving the Simple Formula by Squaring Impact
5.3 How to Use Quantitative Risk Assessment for EveryChem, a Sample Organization
5.3.1 Probability for Seven Sample Threats
5.3.2 Impact for Seven Sample Threats
5.3.3 Basic Quantitative Risk Assessment
5.3.4 Recommended Management Action from Risk Assessment
5.4 Limitations of the Basic Quantitative Risk Assessment
5.5 A Second Approach: Introducing a Moderate Probability and Impact
5.6 An Expanded Quantitative Risk Assessment for EveryChem, the Sample Organization
5.6.1 Probability for Seven Sample Threats
5.6.2 Impact for Seven Sample Threats
5.6.3 Expanded Quantitative Risk Assessment
5.6.4 Recommended Management Action from Expanded Risk Assessment
5.6.5 Advantages of the Expanded Quantitative Risk Assessment
5.7 Can Quantitative Risk Assessment Be Improved Further?
Questions for Thought, Review, and Discussion
References
Chapter 6: Risk Controls: Improving Organization Resiliency
6.1 Determine the Goals and Objectives
6.2 Evaluate Existing Risk Controls
6.3 Determine the Value of New Risk Controls
6.3.1 Nonfinancial Factors to Be Considered for Your Organization
6.3.2 Cost Justifying Risk Controls
6.3.3 How Much Time to Allow for a Risk Control to Produce a Positive Return?
6.3.4 When Does It Make Sense to Use an Outside Professional?
6.4 Existing Risk Controls
6.4.1 Building Fortification Controls
6.4.1.1 Earthquakes
6.4.1.2 Floods
6.4.1.3 Wind
6.4.1.4 Other Natural Hazards
6.4.2 Building Systems, Procedures, and Safety Risk Controls
6.4.2.1 Backup Electrical Power Systems*
6.4.2.2 Emergency Communication Systems
6.4.2.3 Fire Safety and Building Evacuation
6.4.2.4 General Building Systems
6.4.2.5 Hazardous Materials Control
6.4.2.6 Housekeeping
6.4.2.7 Medical Planning and Safety
6.4.2.8 Research Laboratory/Clean Room/Special Room Controls
6.4.2.9 Shelter-in-Place Safety
6.4.3 Security Risk Controls
6.4.3.1 Building Interior
6.4.3.2 Building Perimeter
6.4.3.3 Grounds and Parking Lot Security (Outer Perimeter)
6.4.4 Technology Risk Controls
6.4.4.1 General Information
6.4.4.2 Alternate Site Plan
6.4.4.3 Communication Systems
6.4.4.4 Data Center Protection
6.4.4.5 Data Center Recovery
6.4.4.6 Information Management
6.4.4.7 Information or Cyber Security Management
6.4.5 Supply Chain and Process Flow Analysis
6.4.5.1 Raw Materials
6.4.5.2 Manufacturing
6.4.5.3 Product Distribution/Shipping
Questions for Thought, Review, and Discussion
Appendix A: Case Study: Sample Organization