Risk in CIM
Experience and imagination are the most important attributes when it comes to mapping risks. Can you envisage the risks that your organisation is exposed to? If so, using your experience, what are the potential consequences and mitigation measures against these risks?
A risk analysis is the output from answering the questions above and these days, analysing risk is a huge part of almost every industry. An increasingly global economy only serves to broaden the scope of risk management and every business should take responsibility for asking itself the tough questions to increase the understanding of the challenges it faces:
- Map and describe risk- what could potentially go wrong?
- What is the likelihood of this happening?
- What can we do to prevent it happening?
- What are the potential consequences?
- If it does happen, what can we do to reduce these consequences?
How do we approach this?
- Create a risk image
- Consider different alternatives and solutions
- Discuss the effect of the mitigating measures and grade their impact
- Based on this assessment, build the appropriate alternatives and solutions into your plan
- Use your risk analysis to help steer the business
How do you conduct a Risk and Vulnerability Analysis?
A risk and vulnerability analysis (RAV analysis) should not only map and explain risk, it should also provide information on the likelihood of it occurring. You should consider describing what you can do to prevent it from happening, what consequences it may have if it happens, and how can you reduce the likelihood of it happening. It may also be useful to describe how or to what extent it is possible to maintain normal operation if the incident occurs.
It is all well and good doing an analysis, but you should also intend to use the result for something specific. Examples of what an RAV analysis can be used for include creating a common risk picture, assessing different alternatives and solutions, clarifying the effect of different actions at risk, choosing different solutions and measures in a planning phase and providing a basis for the decisions made.
The most important thing is that YOU have a clear goal of performing the analysis.
How far can you go with a RAV analysis?
A RAV analysis cannot map all possible incidents that may occur across the different parts of the business. Define an analysis area, at organisational, geographic or functional level, and perform an analysis for this area. Involve as many people as possible involved in the given area for the best possible analysis and then define the unwanted incidents that may occur. Define the incidents as well as possible, and describe them accurately.
Common examples include major accidents, fire, natural disaster, cyber-attack, supply chain failure, political conditions and reputational issues amongst many more.
Using CIM to Manage Risk
CIM provides comprehensive risk assessment and management functionality, which allows you to take control of the factors that threaten your business. The Analysis module is used to create and execute a business’s risk management process using a flexible workflow builder. The advantage of this is that your current procedures can be incorporated into the tool and aligned with other CIM modules for preparedness and response.
With the analysis module, the business can continuously update a register of unwanted events, including the risk of these happening, the impact level associated with each and the measures that have been taken in mitigation.
The module contains several types of analyses and can be adapted to different levels of detail for each; Risk and Vulnerability Analysis (ROS), Simplified Analysis and Rough Analysis.