Risk Management Process in 5 steps.

The first step is to Set the Context. It includes defining the scope and objectives of the risk management process, establishing the criteria for risk assessment, and identifying the stakeholders.

The second step is to Identify and Assess Risks.

To identify risks you can use:

  • historical or evidence-based methods (audit, incident reports, public media, annual reports),
  • systematic approach – expert opinion (vulnerability assessment, review of BCP and DRP, interviews and workshop with managers, customers and employees),
  • theoretical analysis – e.g. penetration testing,
  • existing taxonomy – already existing risk library with already indicated risks.

When assessing risk, remember to include both likelihood and consequences. The following tools will be useful:

  • Risk Matrix,
  • BowTie analysis, or
  • Decision Tree.

The third step is to Analyze Risks and Evaluate Business Impact. We need to fully understand those risks in order to prioritize them based on their potential effect on business objectives.

The fourth step is to Respond to the Risk. Do we accept? Do we mitigate? Do we transfer? Do we avoid?
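Steps two to four above, worked through in code as an added example (not from the original post): a small risk register is scored with a likelihood × consequence risk matrix, ranked for prioritization, and given a default response (accept, mitigate, transfer, avoid). The 1..5 scales, the band thresholds, the `insurable` flag and the sample risks are all assumptions made for the illustration.

```python
# Risk matrix bands for an assumed 5x5 scale: score = likelihood * consequence.
# The thresholds are illustrative assumptions, not values from the original post.
def rating(likelihood: int, consequence: int) -> str:
    for v in (likelihood, consequence):
        if not 1 <= v <= 5:
            raise ValueError("likelihood and consequence must be in 1..5")
    score = likelihood * consequence
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


# Default treatment per band; the risk owner still decides. "transfer" is only
# offered where the assumed `insurable` flag says the risk can be insured.
def default_response(band: str, insurable: bool = False) -> str:
    if band == "critical":
        return "avoid"
    if band == "high":
        return "transfer" if insurable else "mitigate"
    if band == "medium":
        return "mitigate"
    return "accept"


def prioritize(register):
    """Return register entries sorted by score (highest first), annotated with band and response."""
    rows = []
    for r in register:
        band = rating(r["likelihood"], r["consequence"])
        rows.append({**r, "score": r["likelihood"] * r["consequence"], "band": band,
                     "response": default_response(band, r.get("insurable", False))})
    return sorted(rows, key=lambda x: (-x["score"], x["id"]))


# Constructed sample register (hypothetical risks, not real findings).
SAMPLE_REGISTER = [
    {"id": "R1", "risk": "Ransomware on file servers", "likelihood": 4, "consequence": 5},
    {"id": "R2", "risk": "Phishing leads to credential theft", "likelihood": 5, "consequence": 3},
    {"id": "R3", "risk": "Unpatched web app (pentest finding)", "likelihood": 3, "consequence": 4, "insurable": True},
    {"id": "R4", "risk": "Office power outage", "likelihood": 2, "consequence": 2},
    {"id": "R5", "risk": "Lost encrypted laptop", "likelihood": 3, "consequence": 1},
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_REGISTER):
        print(f'{row["id"]} score={row["score"]:2} {row["band"]:8} {row["response"]:8} {row["risk"]}')
```

The printed list is the prioritized register that feeds the reporting step: the highest scores sit at the top, each with its proposed treatment.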

Finally, we Report and Communicate. Simple, right?
