SUBJECT AREA 2: RISK EVALUATION AND CONTROL
Determine the events and external surroundings that can adversely affect the organization
and its facilities with disruption as well as disaster, the damage such events can cause, and
the controls needed to prevent or minimize the effects of potential loss. Provide co st/benefit
analysis to justify investment in controls to mitigate risks.
A. The Professional’s Role Is to:
1. Identify Potential Risks to the Organization
a. Probability
b. Consequences/Impact
2. Understand the Function of Risk Reduction/Mitigation within
the Organization
3. Identify Outside Expertise Required
4. Identify Exposures
5. Identify Risk Reduction/Mitigation Alternatives
6. Confirm with Management to Determine Accep table Risk Levels