Continuity Planning and Operations Concepts Specialists, Inc.
Turning
negative events into positive outcomes
Assessment
Man Made - Train
Derailment
Man Made - Train
Derailment
Service Description
The
Business Impact Analysis (BIA) and the Risk Assessment (RA) are two widely used
terms describing essentially the same thing. What you call this process is
primarily dependent upon your organization and whether you are a commercial
enterprise or a governmental agency. If you are a business, typically you
are interested in a BIA; if you are an agency, you are probably seeking an RA.
No matter which term is
used, a BIA or an RA is the first step in the development of a
continuity/contingency plan. During this process critical business or
organizational risks are identified, prioritized, quantified and assessed.
Such risks could run the gambit from network security holes to financial or
regulatory liability exposure; from major operational process flaws to
unpreparedness for natural or man-made disasters. Understanding these
risks in some depth and their impacts and probabilities of occurrence, is
essential for the establishment and implementation of a sound continuity or
contingency plan.
Not all risks are
necessarily bad. Risks and responses to risks can represent major
opportunities. A risk not taken frequently can be a chance lost for
business expansion or service improvements. CPOCS, after gauging your
company's or group's risk tolerance, will help you not only identify and
quantify your risks, but also separate them into those that may be worth taking
and those that probably should be avoided or mitigated. Our focus will be
on helping you gain a better understanding of the major risks facing your
company or group and assess their potential costs and benefits relative to each
other. If desired, CPOCS, as follow-on services, can proceed further by
tying these assessments together in a continuity or contingency action plan and
a concept of operations.
Key Benefits
After CPOCS provides you
with our audit results, your company or group will be able to concentrate its
efforts and resources on those risks with the greatest impact and highest
probability of occurrence. This assessment can include:
Identification of the
vulnerabilities and threats to the continuation of your business or
operations.
Validation and testing of key business and operational assumptions.
Qualification of the risks through an assessment of their estimated impacts,
frequency, and probabilities.
Further assessment of the top risks, where called for, using multiple risk
quantification techniques.
A
quantified and prioritized list of the most critical risks .
An analysis of the estimated costs and benefits of dealing with these risks
under various scenarios.
More realistic project objectives, cost and scope targets.
Capabilities
In the course of
conducting a business impact analysis or risk assessment
CPOCS can provide you with the following deliverables:
Risk Identification
Historical review of
the major risks that have occurred in the past and their possible relevance to
the future.
Identification of the major business continuity risks and risk triggers
associated with critical business unit processes, structures,
inter-relationships, and external relationships.
Decomposition of these risks into their probable characteristics, i.e.,
vulnerabilities, threats and frequencies.
Risk Analysis
Analysis and testing
of the assumptions associated with the identified risks.
An analysis of the identified risks, and their associated impacts and
probabilities, using qualitative and quantitative techniques.
A
relative risk score for each identified risk based on its assessed impact and
probability.
A
prioritized list of the risks requiring the most attention.
A
probabilistic analysis of key inter-related risks.
An analysis of the estimated costs and benefits of dealing with the critical
risks under various scenarios. Could include, as an example, the
identification of costs of not being able to provide products or services due
to a business interruption, i.e., lost revenue, lost opportunities, damaged
reputation, etc.
Identification of realistic project objectives, scope and cost target, and
schedules.
The estimated probability of reaching project objectives.
A
determination of the size of budget contingencies that should be set aside to
account for the most critical risks.
