On the basis of its definition of business risk, the Library of Congress worked with its independent auditors to document substantial risks to the collections and to identify appropriate safeguarding controls. Based on the results of the audits, the Library decided to conduct formal risk assessments of the environments and control activities within selected divisions.
Library management realized that risks would need to be calibrated on the basis of the likelihood of their occurrence and on the magnitude of impact, should they occur.
The risk associated with an internal control weakness over the safeguarding of the collection assets is assessed ashigh, moderate, or low, depending upon the degree to which present policies and procedures make it highly probable that: 1. Whether risk was acceptable would be determined by the degree to which one or more of the above situations could occur (likelihood of occurrence) and the degree to which the situation would adversely affect the integrity of the collections (magnitude of impact).
Before the Library could begin its risk assessment, management had to determine which internal controls were relevant. To establish a common language for this segregation by risk, the Library uses names of five precious metals—platinum, gold, silver, bronze, and copper—that describe groups of items in the collections by degree of tolerance for risk.
Silver includes items that require special handling and items at particularly high risk of theft, such as computer software, popular titles in print, videos, and compact discs.
Other libraries can readily devise similar ranking systems to define degrees of risk specific to their collections. This risk tolerance category determines the levels of controls placed over the Library's items.
The Library of Congress, as a library of last resort that serves primarily the research needs of Congress, has a low tolerance of risk for monographs and manuscripts.
In 1997, the Library chose to start the risk assessment process by examining its Geography & Map Division. The Library has now conducted risk assessments of most of its special collections, its general collections, and areas that perform essential activities to service the collections, such as the Preservation Directorate, the Copyright Office, and the Collections Management Division. The final steps in the risk-assessment process are designed to summarize the results of the assessment and translate them into actions for management. For those risks that the institution decides it cannot tolerate, management must introduce mitigating control activities. Assessing risk and identifying controls are just two steps in the business risk model. 4 Some special format collections share off-site storage space, but this is undesirable and has been assessed as a risk to the inventory control and preservation of those items. 5 To avoid inconveniencing patrons, managers often resist simple security and preservation controls that greatly reduce risk to the collections, such as requiring researchers to don protective gloves to examine fragile materials or allowing only staff to photocopy materials. Natural resource managers in the Alligator Rivers Region (ARR), and elsewhere in northern Australia, have few tools to determine what environmental assets are at greatest risk from multiple threats, where these range in scale from point source pollutants through to diffuse landscape-scale impacts of invasive species and, on a global scale, the impacts of climate change.
A high protection level for the biodiversity of aquatic ecosystems was used as the assessment endpoint and, whilst measurement endpoints inevitably varied, they all encapsulate some metric of ‘species affected’ facilitating comparison between different risks. Additionally as part of the Tropical Rivers Inventory and Assessment Project, eriss is undertaking a broad-scale Ecological Risk Assessment of key threats to Australia’s tropical rivers. Ecological Risk Assessment is the term ascribed to the method(s) for determining risk posed by a stressor (contaminant or perceived threat) to the survival and health of ecosystems. Using these criteria, risk is quantified as the probability of an adverse event, or the likelihood of exposure multiplied by the consequences or effects of that exposure (Prisk = Pexposure x Peffects). Hence, the aim of Ecological Risk Assessment is to estimate the probability of adverse events from identified environmental stressors.  Traditionally, Ecological Risk Assessment has been used to investigate the effects of the release of particular chemical pollutants (toxicants) into the receiving ‘environment’. The systematic steps for performing Ecological Risk Assessment, as applied to an identified stressor, are outlined in Figure 1.
Consider the example of determining the risk of exposure to toxic levels of uranium to biota in Magela Creek waters downstream of Ranger mine.
As illustrated in Figure 2 uranium levels for all exposure observations fall well under the effect thresholds and the risk probability for exposure to uranium at detrimental levels in Magela Ck is therefore close to zero.
In this case the assessment endpoint used to evaluate impacts from off-site uranium contamination from Ranger mine is the conservation of the biological diversity of the ARR. While risks of hazardous exposure to uranium (and other mine-related products) have been found to be extremely low in Magela Creek, a risk-reduction strategy is nevertheless in place.  Objectives for water quality management are based on minimum dilution requirements for mine-related products in receiving waters of Magela Creek. Depending on the information available for undertaking Ecological Risk Assessment, there are several approaches used to characterise risk. Boyden JM, Walden D, Bayliss P & Saalfeld K (in prep) A GIS compendium for landscape-scale risk assessment of the Magela Creek floodplain and broader Alligator Rivers Region, NT.
Walden DJ, Bayliss P, Boyden JM & Ferdinands K (in prep) An ecological risk assessment of the major weeds on the Magela Creek floodplain, Kakadu National Park. In working with our board, Hour-Zero has been exceptionally thorough in their approach from auditing our existing practices to conducting risk assessments to recommending solutions to providing training and support to our administrators. Risk assessments are conducted on the basis of identifying and evaluating hazards according to relative likelihood and impact, and prioritized according to overall severity. The business risk model presented in this report was developed to satisfy the second of the five elements of the COSO framework, namely risk assessment.
Risk assessment is the identification and analysis of internal and external risks relevant to the achievement of objectives.


Control activities are the policies and procedures an organization develops to ensure that management's directives are carried out and objectives are met. To conduct control activities and identify risks, mechanisms must exist within the organization to capture and communicate relevant information at all levels.
The focus of the auditors' assessment was control activities, which in the Library range from cataloging standards and practices to protocols for the physical handling of acetate disks or eight-track tapes. The assessments would be done in the divisions where collections of differing formats were either permanently stored or temporarily handled as they arrived, or where they were serviced in some manner within the Library. These situations may occur because of the absence of an effective policy or procedure, or failure to adhere to the policy or procedure. Just as the clues to uncovering business risk are found in the mission statement, relevant controls are derived from an examination of business risks.
The degree and type of control placed on an item depend upon its relative value and risk of loss or deterioration relative to other items in the collection. 10-11, defines the Library's four relevant controls, provides examples of each type, and describes risks that may be present if these controls are weak.
A single-page manuscript has a higher risk of physical loss than does a large monograph.
KPMG provided the structure for the risk assessments, employing internal control evaluation techniques similar to those used for financial statement audits. After the risk-assessment results had been reported, management was expected to institute new controls or strengthen existing controls to reduce unacceptable risks. It attempted to examine every type of collection item that carried specific risks so that it could extrapolate what had been learned to other similar materials that were not scheduled for assessment.
Some risks can be overcome by changes in policies or procedures; overcoming others requires additional monetary or personnel resources. However, Ecological Risk Assessment is a powerful analytical tool that allows objective comparison of the relative risk contributed by each specific ‘threat’ to ecological structures being managed. For minesite risks the focus was on three key chemicals (uranium, sulfate & magnesium) in the surface water pathway, and the focus for landscape-scale risks was wetland weeds, feral pig damage and unmanaged fire. Under these procedures risk is defined as the probability that an adverse effect will occur as a result of ecosystem exposure to a particular ‘concentration’ of the stressor.
Spatial risk assessment across large landscapes with varied land use: lessons from a conservation assessment of military lands.
Integrated geographical assessment of environmental condition in water catchments: Linking landscape ecology, environmental modelling and GIS, Journal of Environmental Management 59, 299–319. Vulnerability assessment of predicted climate change and sea level rise in the Alligator Rivers Region, Northern Territory Australia.
Ecological risk assessment of Magela floodplain to differentiate mining and non-mining impacts. Inventory and risk assessment of water dependent ecosystems in the Daly basin, Northern Territory, Australia. The River Murray and Lower Lakes Catchment Risk Assessment Project for Water Quality-Concepts and Methods. Identifying Sources of Stress to Native Aquatic Fauna Using a Watershed Ecological Risk Assessment Framework. Design Considerations and a Suggested Approach for Regional and Comparative Ecological Risk Assessment. A new ecological risk assessment procedure using resource selection models and geographic information systems.
A regional multiple stressor risk assessment of the Codorus Creek Watershed applying the Relative Risk Model.
Multiple stressor effects on benthic biodiversity of Chesapeake Bay: implications for ecological risk assessment. Commercially important trees as invasive aliens-towards spatially explicit risk assessment at a national scale. Wetland risk assessment: a framework and methods for predicting and assessing change in ecological character. Developing a regional ecological risk assessment: a case study of a Tasmanian agricultural catchment. A regional multiple-stressor rank-based ecological risk assessment for the Fjord of Port Valdez, Alaska. Probe into the method of regional ecological risk assessment-a case study of wetland in the Yellow River Delta in China. Despite the absence of a baseline risk assessment for the collections, the auditors could draw significant conclusions about the control environment and note what information was gathered, how well it was communicated, and how various monitoring systems operated. That way, staff could assess the risk to items over the course of their life cycle—from acquisition to cataloging and from service to storage.
For example, from the four salient types of risk the Library identified, it derived four corresponding types of "safeguarding controls" that mitigate those risks to its collections. While not all libraries will face the same risks in equal measure and degree, the risks they face will fall into these four categories, as will the controls designed to mitigate them.


Therefore, the risk-assessment process would be more efficient if collections were first segregated by major format types that tend to share similar risk. But not all libraries have closed stacks, even if it places their collections at some risk. This has allowed the Library to build a baseline assessment of risk and mitigating controls that meet the requirements of the audit process and yield critical information about the ongoing needs of the collections. No situation or environment can ever be totally risk-free, and reducing risk costs money, whether in the form of additional insurance coverage or of funding to implement tighter controls. For instance, if the risk assessment reveals that existing physical security is inadequate, the institution will likely need to acquire security personnel or equipment to reduce the risk to an acceptable level. This permits risks from multiple stressors to be evaluated and communicated in a logical, robust and transparent manner. In this context Ecological Risk Assessment plays an important role in best-practice natural resource management based on adaptive management principles. From this data risk of contamination by uranium via the surface water pathway can thereby be determined. Where frequency data are not available a Bayesian statistical approach which involves assessing degrees of ‘belief’ using qualitative or semi-quantitative reasoning is often used.  In practice, a combination of techniques are used, where semi-quantitative assessments tend to be precursors to quantitative assessment (Figure 3). Overview, proposed framework and methodologies for the Tropical Rivers Inventory and Assessment Project. Assessments are a continuous part of the internal control process because emerging economic, regulatory, political, and operating conditions will change the type and degree of risks faced by an organization. These differences affect the amount of risk to the assets that management is willing to tolerate.
Figure 1 on page 16 depicts the procedures that made up the risk assessment process. From this comparison, management determined whether business risks were acceptable or whether controls needed to be instituted to mitigate some of them.
For each weakness, the team assessed the degree of risk and whether management was willing to accept the risk. The risks that management was not willing to accept were sorted by level of risk (high, medium, or low) and by control type (bibliographic, inventory, preservation, or physical). At this point in the risk assessment process, management must decide how much risk the institution is willing to accept—a decision that usually comes down to cost versus benefit, because no institution has unlimited resources.
For example, conceptualising risk pathways to identify how and what risks may arise and to plan targeted monitoring is an important qualitative step from which quantitative data can then be acquired. The frequency and depth of the monitoring activities depend on the amount and degree of risk faced by the organization. For example, the risks to a recent monograph on the Japanese economy, printed on acid-free paper and of little artifactual value, would be different from the risks to a Hollywood feature film from 1956 or to the 1991 Sports Illustrated swimsuit issue. Creating and enforcing such a policy would greatly reduce the risk of theft, loss, or misplacement of Library materials. College libraries, for example, usually have open access to their stacks and so must institute policies and procedures that mitigate the havoc that can result when students pull books from the shelves and incorrectly reshelve them, or take them to the dormitory without checking them out.
Management has less risk tolerance for items of considerable value that cannot be replaced than for those items that can be bought in the marketplace.
The degree of risk was measured by both the likelihood of occurrence and the magnitude of impact. Management analyzed the types of risks within each level to determine whether there were any pervasive weaknesses of a particular control type.
The impact of a high-risk behavior is obviously greater if the item at risk is a holograph Emily Dickinson poem rather than the second copy of the fourth edition of Joseph Heller's Catch 22.
Alternatively, applying a structured semi-quantitative approach to ranking risks (eg Table 1), which considers uncertainties, is a beneficial way of determining priorities, particularly when assessing risks from multiple stressors. Each item has its own risks, based on physical features of the recording medium and perceived value, and in each case, the risks are dynamic and change over time.
College library managers may accept the risk to their collections when those controls fail occasionally, because it is worth it to meet student needs. Similarly, risk may be unacceptable if a monograph is not cataloged or the number of copies the institution holds is not noted in a bibliographical database.
A judicious choice of formats and genres produces a risk assessment that allows extrapolation from these data to similar types of collection items. In contrast, risk may be acceptable if individual pieces of a collection of manuscript correspondence do not receive item-level description, provided there are compensating controls in place.



Disaster grab and go bag
Preparedness for earthquake
Natural disasters 2015
Disaster recovery phone systems


Comments

  1. 04.05.2014 at 20:54:35


    Generator, a widespread misconception that's easy to access by means of foot, in the.

    Author: Puma
  2. 04.05.2014 at 13:10:51


    Make contact with his Church.

    Author: Lovely_Boy