Identifying, Evaluating, Recording and Responding to Your Risks (IERR)
The first step to managing risk is to identify the risks to your business and then evaluate them. You then record and report on them and finally respond by developing appropriate strategies to address the threats they pose in a structured way. Using this ‘IERR’ process, you can judge how risks impact on your business.
As you may have spotted, the process of risk assessment is closely linked to the Business Impact Analysis (BIA) that we discuss in Chapter 4, which is where we also help you identify your critical activities and assess the maximum period for which they can potentially be disrupted before the disruption proves threatening to your entire business.
A risk strategy is simply deciding how you’re going to address a risk or a group of risks. You may decide that for specific risks you need insurance. For others you may choose to invest to reduce the risk. For still others, you may choose to do very little or even nothing because of a low impact or slight chance. You can blend risk strategies to optimise the benefits, reduce costs or create more effective solutions.
This process may seem like a lot of work initially, but it’s all manageable. And when the systems are in place and you’ve trawled the risk-infested waters in which your organisation swims and assessed what you’ve found, ongoing maintenance is ...
Get Business Continuity For Dummies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
