Risk Analysis

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to: navigation, search
1. Risk Analysis or RA is the process to evaluate and determine the risk rating, which is the product of risk likelihood and risk impact.

Related Terms: Risk Likelihood, Risk Impact, Risk Rating, Risk Analysis and Review, Risk Assessment, Risk Appetite, Risk Level.

Risk Analysis as part of the ISO31000 Risk Management Framework

Note: Risk Analysis often involves a systematic use of information to identify sources and to estimate the risk. It provides a basis for risk evaluation and its risk treatment.


Analysing And Reviewing The Risks For Business Continuity Planning BUY!
BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2B: Intermediate (BC)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2C: Intermediate (CM)



BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2D: Intermediate (DR)



Courses

(Source: Business Continuity Management Institute - BCM Institute)

2. Process to comprehend the nature of risk (2.1) and to determine the level of risk (2.23)

Notes (1) : Risk analysis provides the basis for risk evaluation (2.24) and decisions about risk treatment (2.25).

Notes (2) : Risk analysis includes risk estimation.

[ISO Guide 73:2009, definition 3.6.1]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.21

3. Risk Analysis is the process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities (likelihood) of a particular event.

(Source: Disaster Recovery Institute International / Disaster Recovery Journal - DRII/DRJ)

4. The identification and assessment of the level(measure)of the risks calculated from the assesses values of assets and the assessed levels of threats to,and vulnerabilities of,those assets.

(Source: OGC, Information Technology Infrastructure Library (ITIL) v3)

5. Determination of the likelihood and impact of each risk occurring. Risk Analysis provides the basis for risk evaluation, risk treatment and risk acceptance.

(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)