It can seem daunting to begin a brand-new process for your business. However, risk assessments are an easy way to remain resilient in this ever-changing economy, protecting you and your business in the long term.
Identify a champion who will drive the initiative. For larger organisations, it would be good if there was a champion per function. A decision-maker is an important part of the process. If you are carrying out a risk assessment, make sure there is someone who can stand up and take action to implement these changes, so these changes can benefit your company in the long run.
Identify your business-critical services, the systems and the third parties they depend on. Conduct a detailed risk assessment on the "Service Disruption" risk. Identify any missing controls, protections, or mitigation. Address the gaps identified and come up with a strategy to take action.
This includes cyber-risk. Key areas to focus on:
Develop a response plan to guide your response to a service disruption. Keep your plan generic, but consider loss of building, loss of systems, and loss of people. Then develop contingencies for each loss.
Focus on how you will deliver essential services following a severe disruption. Develop response plans to deal with specific incidents (e.g. cyber-attacks). Communicate your plans to all relevant employees and third parties.
Update your plans after each test — you will always learn something from a test or exercise. Part of risk assessment is taking your findings, learning from them and adapting to grow more resilient in the future.
Consider how you might recover from a disaster such as a fire or flood.
If an incident becomes a crisis, you will need a Crisis Management plan in place.
Third parties are a risk too. Ensure you have appropriate oversight and management of third-party relationships.
Take a resilience self-assessment to see how your risk management would benefit your company's resilience. Once these steps are implemented, you can assess how resilient you are.
Find out more on our resilience self-assessment, as well as an in-depth and easy-to-follow guide on how to get started with operational resilience by downloading our latest White Paper on our website here.
