RISK MANAGEMENT

Risks, or vulnerabilities, are always present. There are many categories and levels of risk, each with its own probability of occurrence and level of impact.

There are essentially four elements to risk management, and their relationships are cyclical: risk identification, risk analysis, risk control, and risk reporting.

Risk identification involves identifying the risks, components, and processes potentially affected. Risk analysis is converting information gathered into identification. Risk control is identifying controls that are or should be in place to deal with a threat. Risk reporting is reporting on the results of the risk identification, analysis, and control.

Risk management offers many benefits. It allows for knowing the strengths and weaknesses of a project, product, process, or system. It also enables knowing what measures are in place to deal with risks, and it helps in identifying the probability and impact of a threat. Finally, it gives advance warning about a threat and provides time to prepare for its impact.

for Risk Management

• Understand the project, product, process, or systems as thoroughly as possible.
• Develop a list of components.
• Develop a list of threats and their applicability to each component.
• Prioritize threats and components.
• Identify probabilities of occurrence and impacts.
• Identify controls that are in place and should be in place.
• For controls that are inadequate or nonexistent, determine what actions to take.
• Prepare findings and recommendations.