Step 2. Assess your Risks

EPCB's three step risk management framework aligns with the International Risk Management Standard (ISO 31000)

International risk management standards require you / your "entity" to adopt a defined and documented process for risk assessment
that will enable you / the entity to understand the threats to and vulnerabilities of its critical activities.

EXAMPLE: "The entity shall identify hazards, monitor those hazards, the likelihood of their occurrence, and the vulnerability of people, property, the environment, and the entity itself to those hazards". (Ref NFPA 1600)
NB While EPCB uses a comprehensive and integrated risk management approach, the examples used throughout this site are associated with natural hazards:
1. Because all entities share that exposure - therefore the examples are transferable; and
2. To a degree the risks are non-political - therefore the examples do not breach confidentiality or sensitivity issues.

Identify your hazards from the checklist of NFPA 1600

A pdf outlining the Risk Assessment Tool (163 KB xls) - one of seventeen files in the Complete Continuity Toolkit.

FEMA Vulnerability Assessment Methodology (with which the above approach is aligned)

Risk Assessments use hazards, but focus on decisions about vulnerability and cost effectiveness.

The following methodologies and techniques for risk assessment are listed in Section A.5.3.1 of the NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs (2007):
(1) “What-if”: The purpose of the what-if analysis is to identify specific hazards or hazardous situations that could result in undesirable consequences. This technique has limited structure
but relies on knowledgeable individuals who are familiar with the areas/operations/processes.
(2) Checklist: A specific list of items is used to identify hazards and hazardous situations by comparing the current or projected situations with accepted standards. The value of the end result is dependent on the quality of the checklist and the experience/credentials of the checklist user.
(3) What-if/checklist: This technique is a combination of the what-if and checklist techniques, and uses the strength of both techniques to complete the risk assessment.
(4) Hazard and operability study (HAZOP): This technique requires an interdisciplinary team that is very knowledgeable of the areas/operations/processes to be assessed. This approach is thorough, time-consuming, and costly. The value of the end result depends on the qualifications/experience of the team, the quality of the reference
material available, the ability of the team to function as a team, and strong, positive leadership.
(5) Failure mode and effects analysis (FMEA): Each element in a system is examined individually and collectively to determine the effect when one or more elements fail. This is a bottom-up approach; that is, the elements are examined and the effect of failure on the overall system is predicted.
(6) Fault-tree analysis (FTA): This is a top-down approach where an undesirable event is identified and the range of potential causes that could lead to the undesirable event is identified. The value of the end result is dependent on the competence in using the FTA process, on the credentials of the team, and on the depth of the team’s analysis.
NFPA 1600 (23007) pdf

Scenario modelling (of interactions between hazards, vulnerabilities and exposures) is a crucial step which informs sound risk ranking and planning considerations.
Results from recent analyses and performance reviews recognize that “comprehensive planning, including using the results of disaster simulations, can help organizations better prepare for potential disasters and thereby mitigate their effects”. (Ref: GAO-07-114 SBA Disaster Preparedness, Feb 2007, p. 3-4)

Generate and model scenarios by identifying what, why, where, when and how events could effect the entity (business).
Premise predicaments - and tease out issues for prevention, preparedness, response and recovery.

Free EPCB Risk Assessment Register aligned with ISO 31000 (xls)

Scenarios provide an excellent platform to engage stakeholders, assess risks and exercise key management competencies.
EPCB use quality planning processes to ensure tailored outcomes are achieved.

EPCB's quality approach to developing and delivering tailored, scenario based exercises (286 KB pdf - 8 pages).

Description

Price

1.

Buttress - Business Continuity and Crisis Management Software
Meet the CEO's requirement - tailored reports address your decision making needs (for prevention, response and recovery). An easy to use Access Database, Guidelines and Crisis Management Planning Framework. Immediately available for download as a Zip file.

$85.50

2.

Complete Continuity Toolkit
Guidelines, tools and templates. Our most popular download. In one immediately available Zip folder, seventeen Microsoft files (Word; Excel; and PowerPoint.) - readily tailored to meet your needs. Unsolicited Feedback: "Many thanks. This toolkit is brilliant!" (Mr. Doug Nelson, MBCI, CBCP, Business Continuity Manager, CHIRON, Emeryville, California.)

$49.95

All prices in US Dollars

Last updated 26 Jan 2012, the material on this website is provided for general information and as such, should not be relied upon for the purpose of any particular matter.

NOTE: It appears your browser does not support scripting (javascript).

Scripting is required to use this site. Please ensure scripting is enabled in your browser before continuing. If you have questions about enabling scripting on your browser please contact customer support at MyQuickResponse.