3. Learning Outcomes
• Describe the principles of risk
management.
• Define risk as use in risk assessment.
• Discuss the importance of risk
identification to risk assessment.
4. RISK ASSESSMENT
RISK
IDENTIFICATION
• Find the risk
• Recognize
the risk
• Describe the
risk.
RISK ANALYSIS
RISK
EVALUATION
Comprehend the
nature of risk and
its:
• Characteristics
• Sources
• Consequences
• Likelihood and
scenario
• Support fact-
based and
science-
based
decision.
RISK MANAGEMENT
6. DEFINITION OF TERMS
RISK
• Usually expressed in terms
of sources, events,
consequences, and
likelihood, is the effect of
uncertainty on objectives.
7. DEFINITION OF TERMS
EFFECT
• A deviation from the expected
which can be positive,
negative, or both and can
address, create, or result in
opportunities and threats.
9. Risk Management Principles
a. Integrated
b. Structured and Comprehensive
c. Customized
d. Inclusive
e. Dynamic
f. Best available information
g. Human and cultural factors
h. Continual improvement
10. Risk Assessment and Risk
Identification
RISK
ASSESSMENT
Is the overall process of risk
identification, risk analysis, and risk
evaluation, should be conducted
systematically, iteratively, and
collaboratively, drawing on the
knowledge and views of stakeholders.
11. Factors in Risk Identification
a. Tangible and intangible sources of risk
b. Causes and events
c. Threats and opportunities
d. Vulnerabilities and capabilities
e. Change in external and internal context
f. Indicators of emerging risks
g. Nature and value of assets and resources
h. Consequences and their impact on objectives
i. Limitations on knowledge and reliability of information
j. Time related fators
k. Biases
l. Assumptions
m. Beliefs of involved
14. Hazard /pure Risk
• Risks that can prevent and deter
the achievement of company’s
goals, missions, and objectives.
15. Control Risks
• Risks that can cause uncertainty
or doubt about the ability to
achieve the company’s goals,
missions and objectives.
16. Opportunity Risks
• Risks that usually deliberately
sought or embraced by the
organization specifically for the
future long term success of any
organization.
18. Learning Objectives
• Describes the Principles of risk Analysis.
• Summarize the factors to consider in risk
analysis.
• Discuss the importance of risk analysis to
risk assessment.
19. Definition of terms
Risk
Analysis
An analytical process to provide
information regarding undesirable
events in which it estimates
probabilities and expected
consequences for identified risks.
20. Definition of terms
Event
Is the occurrence or change of a
particular set of circumstances.
Note:
An event can have one or more
occurrences and can have several
causes and several consequences.
21. RISK ASSESSMENT AND RISK
ANALYSIS
• As discussed in the Philippine National
Standard International Standard
31000:2018 (PNS ISO 31000:2018), The
purpose of risk analysis is to comprehend
the nature of risk and its characteristics,
where appropriate, the level of risk.
22. Factors to Consider in Risk
Analysis
• Likelihood of events and consequences.
• Nature and magnitude of consequences.
• Complexity and connectivity.
• Time-related factors and volatility.
• Effectiveness of existing controls;
• Sensitivity and confidence levels.
23. Threat and Vulnerability Assessment and
Risk Analysis
• Risk is a function of the values of threat,
consequence, and vulnerability.
• It is inevitable then, to conduct initially
threat and vulnerability assessment.
• Threat assessment as consideration for
the full spectrum of threats.( Renfroe and
Smith, 2016)
26. INTERPRETATION OF THE RISK
RATINGS
RATING CATEGORY DESCRIPTION
VERY HIGH The risk is totally unacceptable. Immediate
measures must be taken to reduce these risks and
mitigate hazards.
HIGH The risk is unacceptable. Measures to reduce risks
and mitigation hazards should be implemented as
soon as possible.
MEDIUM The risk may be acceptable over the short term.
Plans to reduce risks and mitigate hazards should
be implemented in future plans and budget.
LOW The risks are acceptable. Measures to further
reduce risk or mitigate hazrads should be
implemented in conjunction w/ other security and
mitigation upgrades.
28. Learning Outcomes
• Describe the principles of risk evaluation.
• Summarize the factors to consider in risk
Analysis.
• Discuss the importance of risk evaluation
to risk assessment.
29. Definitions of terms
Risk
Evaluation
A process that I used to compare
risk analysis results with risk
criteria in order to determine
whether or not a specified level
of risk is acceptable or tolerable.
31. Risk Assessment and Risk Evaluation
The purpose of risk
evaluation to support
decisions.
Risk evaluation involves comparing
the results of the risk analysis with
the established risk criteria to
determine where additional action is
required.
32. Action that lead to decisions:
• Do nothing further
• Consider risk treatment options.
• Undertake further analysis to better
understand the risk,
• Maintain existing controls, and
• Reconsider objectives.
33. Severity of Risk Potential
Reduce risk Avoid risk
Retain risk
Transfer
risk
High
High
Low
Frequency of
risk potential
34. Risk Retention-where
both the frequency and
severity of risk is low, risk
is often retain.
Risk transfer- where the
frequency of risk
potential is low, but the
severity of a potential
incident is high.
Risk reduction- where the
severity of potential risk
remains low, but the overall
frequency of risk is increasing
business operators need to
consider ways of reducing their
exposures.
Risk Avoidance- where
frequency and severity of risk
potential are both high,
business operators should
consider cancelling a program
or activity.
35. “Safety and security don’t just happen,
they are the result of collective
consensus and public investment. We
owe our children, the most vulnerable
citizens in our society, a life free of
violence and fear.”
~ Nelson Mandela~