Facts About Risk Assessment & Business Continuity
An important question to ask yourself as a business owner: If a disaster event occurred, would my company survive? Hazard scenarios require emergency plans to help your business recover quickly and efficiently, with the ultimate goal of returning to acceptable levels of operation. To do this, you must tailor your Business Continuity strategy to fit the threats and risks that are specific to your organization.
Threats vs. Business Risks
Threats and business risks are not the same thing and there is often confusion between the two.
A risk is a situation that leads to the disruption in an organization’s ability to deliver products and services. Examples of risk include: loss of revenue, loss of competitive advantage, property damage, customer dissatisfaction, and opportunity lost during downtime.
A threat is an incident that may cause harm to individuals, assets or facilities. Examples of threats for businesses include: fire, loss of power, hardware failure, water leak, staff illness, strike, and bad publicity.
Threats lead to business risks, so business owners must invest time and resources to identify these threats and prepare plans to recover after the risk begins.
Classify threats into different categories (high vs. low probability & immediate vs. long-term impact) to determine the potential damage and the estimated amount of time needed to recover.
Ask “what if?” questions to identify key business resources, access possible impacts of risk (separate major and minor) and develop options for risk management (accept, mitigate or transfer risk).
Identify existing controls for disaster scenarios and think about potential control enhancements for improving your Business Continuity plan.
Risk management is often ignored by business owners who focus on catastrophic events (natural disasters) with low probability of occurrence, instead of high probability internal events (human error, poor management).
It is important to create a Business Continuity plan which includes backing up data to a secure facility in order to allow for quick recovery time and minimal damage to your organization. Don’t ignore the reality that disasters can happen. Be prepared to survive them when they do.