Risk analysis in business continuity,earthquake emergency supply kit,emergency water storage containers nz - For Begninners

This paper will highlight some of the most pertinent issues that need to be addressed when competing in the international business environment pertaining to risk management. In business, risks lurk at every turn, competitor innovations that threaten the viability of your products or services, new players in the market place, adverse trends in commodity prices, currencies, interest rates or the economy.
Financial executives, who have not done so already, should begin to develop a holistic risk management program or one that allows them to mitigate and manage risk on a broad front. Scenario analysis matured during Cold War confrontations between major powers, notably the USA and USSR, but was not widespread in insurance circles until the 1970s when major oil tanker disasters forced a more comprehensive foresight. Governments are apparently only now learning to use sophisticated risk methods, most obviously to set standards for environmental regulation, e.g. Risk management involves identifying, analyzing, and taking steps to reduce or eliminate the exposures to loss faced by an organization or individual. Basic risks such as fire, windstorm, employee injuries, and automobile accidents, as well as more sophisticated exposures such as product liability, environmental impairment, and employment practices, are the province of the risk management department in a typical corporation. In the 1990s, the field of risk management expanded to include managing financial risks as well as those associated with changing technology and Internet commerce. The main focus of enterprise risk management is to establish a culture of risk management throughout a company to handle the risks associated with growth and a rapidly changing business environment. Finally, it is important that the small business owner and top managers show their support for employee efforts at managing risk.
Means of measuring and assessing risk vary widely across different professions The various means of doing so may define different professions, e.g.
In the nuclear industry, 'consequence' is often measured in terms of off site radiological release, and this is often banded into five or six decade wide bands. The technique as a whole is usually refered to as Probabilistic Risk Assessment (PRA), (or Probabilistic Safety Assessment, PSA). Risk in finance has no one definition, but some theorists, notably Ron Dembo, have defined quite general methods to assess risk as an expected after the fact level of regret.
As regret measures rarely reflect actual human risk aversion, it is difficult to determine if the outcomes of such transactions will be satisfactory. The concepts of closeness to the core business and market attractiveness can be combined to analyze the risk of investing in new offerings. You can trace through the supporting analysis and its conclusions, adjusting your input until you are satisfied your description accurately characterizes your enterprise. Offerings in this category represent the least risk and will be ideal candidates for development.
Offerings in this quadrant are risky to develop since they stray from the core business. If the company can achieve operating profitability at one level, can profitability be maintained as the company grows and evolves?
The universe of uncertainty that each company faces is comprised of endogenous and exogenous dimensions. Industry level uncertainties originate primarily from technological innovation and changes in the relative prices of inputs and outputs.
Environmental uncertainty arises from the prospect of political, macro economic, social, natural, financial and currency volatility, and is often represented by the term country risk (Clark and Marois, 1996, Howell, 1998 and Robock, 1971). In the same survey, the item that was least associated with risk was the Knightian definition of risk as known probabilities and outcomes. The analysis of country risk is a well established field within international business research which demonstrates a clear relevance to practice. The formal evaluation of country risk grew out of the need to evaluate the creditworthiness of sovereign nations, and was extended within the financial sector to evaluate private foreign entities.
Clark and Marois (1996) summarize the methodologies employed by some of these organizations, which typically utilize a weighted average of objective economic and political data (e.g. Cosset and Roy (1991) found the primary determinants of the ratings generated by Euromoney and Institutional Investor are per capita income and the country's propensity to invest and level of indebtedness. Due to the lack of competing methodologies, the country risk analysis techniques that were developed for use in the financial sector are now applied with few or no changes for the purpose of evaluating country level uncertainties in the operating environment (Clark & Marois, 1996). The commonly employed practice of accounting for the downside risk associated with potential private foreign direct investment based on country risk measures that were originally designed to evaluate sovereign risk is likely inappropriate, for four main reasons. Second, lending situations are fundamentally different from other forms of international business, in that only downside risk is relevant in a lending context (i.e. Third, the generation of a generic country risk rating does not account for firm specific factors, such as exposure, aversion to risk, and ability to manage risk. Fourth, the current ways in which country risk is measured do not effectively gauge the most commonly perceived definitions of risk.
However, this measure confounds expected return with risk, and does not directly assess the predictability of GDP growth. At best, country risk rating methods help increase managers abilities to anticipate or identify changes in the operating environment.
The conceptual concerns with country risk measures outlined in Section 1.2 are corroborated by empirical research evaluating the extent to which country risk measures are effective predictors of macro level volatility. A further demonstration of the shortcomings inherent in relying upon established measures of country risk is depicted in Fig.
The figures include seven major emerging markets, which were chosen on the basis of each having experienced at least one major economic crisis during the sample period, and collectively these countries account for the most prominent emerging market economic crises in the past decade.
As shown in the illustrative cases depicted in these figures, a well established measure of country risk failed to clearly predict any of the crises. The economy can reduce demand for your product or service during a recession, but it can also stimulate demand during an expansion. Downside risks, while seen as the most likely to impact the top revenue driver, tend to be easiest to manage, because companies can take proactive measures to minimize or mitigate them, such as building redundancies into their supply chain or installing fire protection systems in offices and manufacturing plants. Whatever the potential benefits of a strong risk management program, many organizations see plenty of challenges to implementing one. The primary objective of an organization, growth, for exampl will determine its strategy for managing various risks.
Businesses have several alternatives for the management of risk, including avoiding, assuming, reducing, or transferring the risks.
Assuming risks simply means accepting the possibility that a loss may occur and being prepared to pay the consequences. Transferring risk refers to the practice of placing responsibility for a loss on another party via a contract. Any combination of these risk management tools may be applied in the fifth step of the process, implementation. As with so many business initiatives, the success of a risk management programme depends on the active support of senior management. Effective risk management programs do not rely on the work and resources of any single person or group within the organization.
Risk management programs work best and companies reap the greatest possible benefit from them when their goals, processes and results are shared with all the company’s stakeholders. Effective risk management programs do not merely insure companies against downside risks, they also include proactive systems and processes to maximize the opportunities the opportunities presented by variable risks. SMEs and newly established ventures, on the other hand, typically exhibit resource scarcity but also maintain organic, decentralized, and flexible organizational structures, which may give them an advantage in the implementation of strategies that require a willingness to change, particularly when change is driven by information acquired in international operations, which are generally peripheral to the organization's core.
Small businesses encounter a number of risks when they use the Internet to establish and maintain relationships with their customers or suppliers. Conducting business online exposes a company to a wide range of potential risks, including liability due to infringement on copyrights, patents, or trademarks, charges of defamation due to statements made on a Web site or via e mail, charges of invasion of privacy due to unauthorized use of personal information or excessive monitoring of employee communications, liability for harassment due to employee behavior online, and legal issues due to accidental noncompliance with foreign laws. Making a sound business case for having a strong risk management program has long been an elusive challenge for many organizations. In pursuing this goal, companies, now more than ever, would do well to begin by identifying their top drivers, then pinpointing the top threats to those revenue drivers, and distinguishing between those that are predominantly downside risks and those that are predominantly variable risks.
While both categories of risk deserve attention, companies may discover the effectiveness of their risk management programs are most effective if they devote more of their attention to controlling risk rather than transferring it to insurance companies. Because companies indicate that they expect having trouble finding the time, budget and people necessary to implement or maintain a strong risk management program, senior management must demonstrate leadership in championing and funding this initiative.
By implementing an effective risk management program, companies protect their ability to compete. Good afternoon Ladies and Gentlemen, I’m Jeremy Wong, and I am very pleased to be here this afternoon to share with you on how Risk Analysis can be conducted for BCM. Before the break, Dr Goh presented you with a short but concise description of each phase in the BCM Planning Methodology. Examples of organisational assets would be facilities, people, data, software, applications and equipment.
Once we have listed down the most probable threats, we would then be able to dissect each threat and examine the Impact and likelihood of occurrence.


We first determine the existing controls and with these controls in mind, we estimate the impact and likelihood of the threats occurring and arrive at a risk level for each threat. Once we are able to locate each threat, we move into the Evaluation stage which is A Screening Process – risks are reviewed against a pre-defined set of criteria and adjusted.
So in our illustration, we have 3 risk rating zones – the high risk zone in Red, the low risk zone in green, and the medium risk zone in amber.
Once we have identified and prioritized our risks, we now need to find suitable ways of dealing with these risks.
There are generally 4 strategies that can be used to treat risk – acceptance, avoidance, transfer and reduction. Looking at Risk Reduction in greater detail, we see that there are actually 2 ways to go – we could either reduce the likelihood of a risk occurring (like putting in preventive controls) , or we could reduce the impact of the risk.
Search: Subscribe for updatesRegister to receive email news alerts, daily digest, weekly roundup or Topic newsletters. Throw in potential disruptions to supply chains that have been stretched across thousand of miles and country borders by globalization, and the opportunity for something to go wrong is, to say the least, worrisome.
Organizations who are tempted to short change their risk management efforts will find potential consequences can be severe, from a loss of competitiveness to, in the extreme, having to cease operations altogether.
Usually the probability of that event and some assessment of its expected harm must be combined into a believable scenario (an outcome) which combines the set of risk, regret and reward probabilities into an expected value for that outcome. For example, human beings are completely vulnerable to the threat of mind control by aliens, which would have a fairly serious impact. The practice of risk management utilizes many tools and techniques, including insurance, to manage a wide variety of risks.
Such losses and liabilities can affect day to day operations, reduce profits, and cause financial hardship severe enough to cripple or bankrupt a small business. Risk management is now a widely accepted description of a discipline within most large organizations. As of 2000, the role of risk management had begun to expand even further to protect entire companies during periods of change and growth.
In response, risk management professionals created the concept of enterprise risk management, which was intended to implement risk awareness and prevention programs on a company wide basis. To bring together the various disciplines and implement integrated risk management, ensuring the buy in of top level executives is vital. These include the nuclear power and aircraft industries, where the possible failure of a complex series of engineered systems could result in highly undesirable outcomes. Such methods have been uniquely successful in limiting interest rate risk in financial markets. The mathematical difficulties interfere with other social goods such as disclosure, valuation and transparency.
The proximity of the new offering to the core business is measured by its proximity to current offerings and current markets.
The low attractiveness of the market may be a benefit since it will be less lucrative for competitors.
Competitive risk represents the degree to which competitors' actions cannot be predicted, and may therefore bring about unanticipated consequences. Unlike gambling, business strategy entails outcomes of unknown or uncertain probabilities, and the nature of the outcomes themselves may be unknowable.
Country risk analysis is intended to isolate idiosyncratic sources of potential volatility in a country's political, economic, or social environment. Most large international banks maintain departments specifically responsible for monitoring country risk, and many of these offer clients formal, standardized analyses of country risk. Country risk scores are typically used to discount the value of potential investments in a given foreign country, such that potential projects in higher risk countries are subjected to a higher discount rate (or must exceed a higher hurdle rate of return). First, the risk of default in international lending is not necessarily equivalent to other risks faced in international business. For instance, an average of analysts' expectations of GDP growth is frequently incorporated into country risk measures (Clark & Marois, 1996), with lower growth reflecting higher risk. But these methods do not measure the predictability of the environment or the chance and size of a detrimental outcome.
La Porta, Lopez de Silanes, Shleifer, & Vishny, 1997) to capture the various dimensions of country risk and identify potential volatility. In each case, the quarter in which the crisis first materialized is indicated with a special symbol. In fact, in a majority of cases, the focal country was deemed to be exhibiting diminishing risk in the periods leading up to a major crisis. Some risks, such as those related to supply chain or property, only have downside consequences. Similarly, a new technology could either threaten the viability of your business model, or give you an advantage over the competition, depending if you where the first or last to embrace the technology.
The biggest risk management challenge is as expected, will be obtaining adequate resources, namely, time, budget and people.
Besides addressing both variable and downside risks on an enterprise wide basis, programs are needed that should incorporate systems and processes for preventing, not just insuring against common risk factors.
Avoiding risks, or loss prevention, involves taking steps to prevent a loss from occurring, via such methods as employee safety training. Reducing risks, or loss reduction, involves taking steps to reduce the probability or the severity of a loss, for example by installing fire sprinklers.
The most common example of risk transference is insurance, which allows a company to pay a small monthly premium in exchange for protection against automobile accidents, theft or destruction of property, employee disability, or a variety of other risks. The final step, monitoring, involves a regular review of the company's risk management tools to determine if they have obtained the desired result or if they require modification.
While often led by a risk management officer, the best programs draw on the input and co operation of every part of the organization.
Large, established firms are likely to have greater resources and more market power, which will likely lead them to pursue strategies such as diversification and control to manage country risk.
An overview of the eight strategies, their objectives, and their scope is presented in Figure. Increased reliance on the Internet demands that small business owners decide how much risk to accept and implement security systems to manage the risk associated with online business activities.
Awareness of risk has increased as we currently live in a less stable economic and political environment. In the short time we have together this afternoon, I would like to focus on just one particular phase of the BCM Lifecycle – what many of you know as Risk Analysis or Risk Assessment. Before anything can be done about the risks, we first must be able to identify – the assets we have that we want to protect, and the potentials threats that could severely affect those assets. The outcome is an inventory list of assets.In addition to physical assets, the list may also contain intangible assets like reputation, business relationships.
Remember that we have already taken into account the existing controls when developing this risk level matrix, so what you see here represents the residual risk after the existing controls have been applied.Some organisations prefer more detail and go for a 5 x 5 matrix rather than the 3 x 3 matrix shown here.
The list shows several examples of criteria that can be used to assess and further refine the risk level. This is where having a BCP plays an important part in limiting the downside of a disaster and implementing recovery. An assessment in terms of impact and probability has been undertaken for each of the options. But as we haven't yet met aliens, we can assume that they don't pose much of a threat, and the overall risk is almost zero. It did not reach most professions in general until the 1990s when personal computers proliferated. Every business encounters risks, some of which are predictable and under management's control, and others which are unpredictable and uncontrollable.
But while many large companies employ a full time risk manager to identify risks and take the necessary steps to protect the firm against them, small companies rarely have that luxury. As the role of risk management has increased, some large companies have begun implementing large scale, organization wide programs known as enterprise risk management. As businesses grow, they experience rapid changes in nearly every aspect of their operations, including production, marketing, distribution, and human resources. Farmer used the example of hill walking and similar activities which have definable risks that people appear to find acceptable. Financial markets are considered to be a proving ground for general methods of risk assessment. Such an individual would willingly (actually pay a premium to) assume all risk in the economy and is hence not likely to exist. Uncertainty in the external environment refers to the risk present in the operating environment of a given country.


In line with the manner in which most practitioners conceptualize risk, the principal objective behind country risk analysis has been the minimization of downside risk. A measurement of financial risks is unlikely to accurately represent economic, social, currency and political risks. Therefore, country risk measures are unlikely to truly capture the nature of risk as conceived by practitioners. The measures shown represent a composite measure of country risk, which consists of an aggregate of political risk, economic risk and financial risk. Successful organizations often get that way by using their skills in forecasting, planning, marketing and research and development to leverage variable risks to their own advantage. New risks will be introduced through the development of new products, the introduction of new technology, and changes attributable to merger and acquisition activity. Insuring against the downside impact of risk factors should be a company’s last and not first line of defence. An Earthquake may be identified as a potential exposure to loss, for example, but if the exposed facility is in New York the probability of an earthquake is slight and it will have a low priority as a risk to be managed. As another example, a pharmaceutical company may decide not to market a drug because of the potential liability. Because of its costs, the insurance option is usually chosen when the other options for managing risk do not provide sufficient protection. Nation's Business outlined some easy risk management tools for small businesses: maintain a high quality of work, train employees well and maintain equipment properly, install strong locks, smoke detectors, and fire extinguishers, keep the office clean and free of hazards, back up computer data often, and store records securely offsite. GMH is a consulting firm focusing on Business Continuity Management, Disaster Recovery and Crisis Management.
At this point, we are concerned with gathering and analysing information, and not into drawing up BC plans yet.
Iceland is right across the globe, but because of ash clouds halted hundreds of flights, the effects were felt even in Singapore. To differentiate the significance or importance of criteria, some companies may want to introduce a weighting system, although often this does not contribute much in producing a more accurate analysis.
Within the context of a national framework for risk management, NHSQIS also commissioned work that enabled development of a national approach to incident and near miss reporting (Safe Today - Safer Tomorrow 16, 2006). Instead, the responsibility for risk management is likely to fall on the small business owner.
The authors found that none of the sampled measures was effective in predicting periods of significant volatility. Companies should focus on eliminating as many downside risks as possible so they can maximize the time spent managing and exploiting variable risks, adds real value to the business.
When leadership does not embrace a culture of risk management, risk improvement initiatives can be doomed from the outset. Heins in their book Risk Management and Insurance, the risk management process typically includes six steps. Awareness of, and familiarity with, various types of insurance policies is a necessary part of the risk management process. Our core business is to help organisations plan and execute their business continuity plans, and I am happy to say that so far we have been very successful in doing just that. That comes later in the recovery strategy and plan development phases.In Risk Analysis and Review, we examine the external environment for threats that can negatively impact the organisation. Supply chains were disrupted and businesses from many parts of the world were affected.There are many ways you can carry out threat identification. This work was undertaken in partnership with NHSScotland.It is essential that management of risks related to Healthcare Associated Infection ( HAI) is set within the context of an organisation's system of governance and risk management. We have implemented BCP for organisations, not only in Singapore, but also around the region, in Malaysia, Brunei, Thailand and Philippines. If you recall, in Indonesia last year we had a volcanic eruption and earthquake occuring very close to each other, and that caused huge problems for Indonesia. They are : through “walkaround observation”, checklists, research into historical records, brainstorming. In other words, the Evaluation stage helps us prioritize our risks.This stage may be relatively simple for companies that have just a few threats, but may be more involved for companies that are big, and have more at stake should a major operational disruption occur. An example of an HAI risk management tool already available is the 'Watt Group Risk Management Matrix' 17 (2002). As part of our consulting approach, we help equip clients with the knowledge and skills to continue the BC programme even after we leave. Natural Threat is a threat resulting from the effect of nature that may cause a disruptive impact to an organization. Man-made Threats are threats resulting from human interventions. However, as noted earlier, it is also prudent to test for the impact of varying assumptions about efficiency savings.
This was developed for use by infection control teams in the practical management of infection incidents or outbreaks.Risk management requires the development of a method to identify, measure and manage the risks thereby reducing the potential for unexpected loss or harm. Such a method involves the consistent use of suitable techniques throughout the organisation. However, key triggers of particular importance to each organisation may be developed from key plans and operational policies. This is an important consideration at each step of the way and should be an opportunity for all to contribute rather than a one way flow of information.
The risks should be stated explicitly and must be communicated to the organisation, patients and public; and others. The consequences, likelihood and hence the level of risk need to be determined at this stage. Identifying the likelihood of most events occurring in health can be subjective and based upon the knowledge and expertise of those involved in the risk analysis.
However, evidence and statistics may be available regarding the recurrence of certain events and this information can help you to assess the likelihood level. Within the management of HAI available evidence includes the wealth of surveillance data collected locally and nationally.
This table has been developed in collaboration with NHSScotland risk managers and is designed to be used as guidance when NHS Boards are developing or reviewing their own risk assessment matrices. An example of what an adapted, specific matrix for HAI might look like (based on existing practice within NHSScotland) is presented as Table 3.
Prioritising of risks that are assigned the same risk exposure rating is achieved by examining the strength of the control measures in place for these risks. This can include many actions such as eliminating a particular activity because it is too dangerous, the use of protective measures, special training, or new policies and procedures to improve the current arrangements. This should reflect the minimum steps considered necessary in a short timescale to improve control of any risk to a tolerable level. This will highlight areas for immediate further action or demonstrate a milestone in the achievement of the target control level.Control Groups and Control LevelThe systems and processes that are in place to control risk can be categorised into five groups of control.
This information will help to determine how much control there is against each group across the following scale:Descriptors for each of these levels are detailed in the risk control matrix (Table 5). When completed this allows a gauge of the total level of current control to be made and a decision on what actions (if any) are required to increase the level of control.An organisation (or infection control team) may identify several 'red' risks that require to be prioritised for action.
For example, if several 'red' risks are identified some of these will have acceptable control measures in place that cannot be improved upon. The remaining 'red' risks can be prioritised for action according to the level of control measures in place and whether or not these are acceptable to the organisation. Risk control plans or action plans can then be developed.The risk control plan or action planAfter considering the risk control level, you are now able to decide whether a target control level is required, and if any improvements are necessary. If so, then decide the level of control that you need to achieve to reach the target control level.Specific actions can be assigned to any or all of the five control groups and will aim to increase the control level (Table 5). The plan must also detail the timescale for the improvement to be achieved and any cost benefit in relation to the risk. The risk control plans may also be reviewed by a group or committeeDetails of the person recording the information and the date.ResourcesThe risk control planning process should also compare the risk exposure costs (should the risk materialise) with the cost of planned improvements to current controls. It is possible that the impact in cost or resources required might outweigh the actual impact of the risk materialising on the organisation. A risk control plan that does not change very often may indicate that risk is being identified, but not managed or controlled.A monitoring process which is able to provide assurance to the NHS Board that appropriate control measures are in place and being followed for all significant risks, is key to ensuring effective risk management. In addition, there should be formal procedures in place for reporting weaknesses and for ensuring corrective action.
The risk controls already in place under five categories give a risk control level, and 'red' or 'amber' risks in particular can be prioritised for action by assessing their existing risk control level.



Emergency alert system tsunami warning
Fema volunteer jobs


Comments to “Risk analysis in business continuity”

  1. LestaD writes:
    Make test calls man do you feel college of Public Health's Alain Labrique and six.
  2. Azerinka writes:
    Case if I did not ground the nebraska, New Hampshire, New Mexico.
  3. NFS_Carbon writes:
    Been" for the prepper any much.
  4. BREAST writes:
    Tech and more primitive tools to incorporate also, although.
  5. Smack_That writes:
    Fluorescent plastic tape for trail marking the important items.