Risk Evaluation and Control

5 Minute Read

DRI International has developed an overview of professional practices designed to “assist the entity in the development and implementation of a business continuity management (BCM) program.” In addition to being sound resiliency methods, these practices serve as a foundation for various DRI business continuity professional certifications.

With this resource as a guide, we at Send Word Now want to briefly examine each professional practice, tying in relevant concepts surrounding emergency communications. In this writing, our second article in a series, we’ll highlight DRI International’s Professional Practice Two: Risk Evaluation and Control.

Risk Evaluation
The goal of practice two is to identify the specific risks and vulnerabilities which can negatively impact an organization’s resources or image. Once completed, each of these threats would be evaluated as to the likelihood the event would occur, and the degree of impact the event would have on the organization.

This process gives managers the ability to focus attention on those risks that have both a high probability of occurrence and a high potential organizational impact. Processes, controls and resources can then be initiated or enhanced surrounding these “high value” targets.

According to DRI International, the resiliency professional’s role in this step is as follows:
• Work with management to develop a standard method for measuring threats while determining the organization’s tolerance for risk
• Launch and manage an information gathering process across the organization to identify vulnerabilities
• Identify probabilities and impacts of the identified risks
• Evaluate the effectiveness of current controls
• Develop resiliency strategies to control, lessen or leverage the potential impact of the risk
• Document all of the risks, vulnerabilities and recommendations, presenting them to the organization’s leadership for approval

Risk Evaluation and Emergency Communications
Woven throughout each risk assessment scenario is the need for (and potential breakdown of) communication. As communication is an “elemental” part of resiliency and recovery, managers are encouraged to address its risks and impacts throughout the risk evaluation process. Consider these questions:
• How will personnel and stakeholders know what is happening, and just as important, what to do in a critical situation?
• What communication gaps exist today, and why?
• What risks and impacts are present if our most common methods for communicating are not available?
• How might communications methods and needs vary across different critical events?

While specific choices on how to deal with any identified challenges or weaknesses may be more appropriately considered in the later strategy development phase of the practice, risk assessments and gap analyses regarding communication are desirable here.

If you’re interested in learning more about DRI International’s BCM certifications, you can find additional information here. Also, watch for future installments in this series through Send Word Now’s monthly newsletter and website/blog. It should also be noted DRI International is not listing these professional practices in order of importance, and suggests some of these may be undertaken in parallel with one another._