Featured:
Allergies
Grilling Guide
eHow Now Blog

How to Build a Risk Management Plan

How to Build a Risk Management Plan thumbnail
Build a risk management plan to protect your business.

Businesses in today's world face risks from all directions. Man-made disasters, both intentional and accidental, natural disasters, catastrophic infrastructure failures and other risks create a challenge for the business building a risk management plan. Risk management planning is how a business seeks to identify risks and devise responses to those risks to maintain business operations after a disaster. A solid risk management plan will ascertain the level of exposure to identified risks and provide ways to respond to risks.

Instructions

    • 1

      Establish a risk management team. This team may include employees from departments such as security, audit, information systems, finance and human resources. Each of these team members brings expertise from his area of responsibility. Their input is invaluable in building a solid risk management plan.

    • 2

      Perform a risk analysis on your business. A risk analysis is a critical step in risk management. Identify, assess and measure the likelihood of an event and the impact that event would have on your business. This impact is typically measured in dollars, but can also include impact on personnel. A proper risk analysis will help to determine strategies for each risk identified, and measuring the impact of those risks will help to determine where to spend your company's money to address the risks.

    • 3

      Develop risk strategies. After the risk analysis is complete, the company must address the identified risks. There are several responses to risk: eliminate; share; mitigate; accept. Many companies are carrying out processes that are legacy in nature. That is, they've been done for so long that nobody really knows why they are still being done. Many times, these processes can be eliminated or modified to eliminate, or at least mitigate, any associated risk. In other cases it may be appropriate to share the risk. Another word for sharing is "insurance." When your company purchases business interruption insurance, it is "sharing" the risk of a disaster that interrupts business operations.

      Finally, there are some risks that are so small or unlikely, and the cost of mitigation or elimination is so high, that your business may decide to just accept the risk.

    • 4

      Implement risk controls. These should include controls designed to prevent events, controls to support personnel in the event of an event and controls to facilitate recovery after an event. Hardware and software systems, security systems and administrative tools make up support controls. Intrusion detection/prevention systems, access control systems and physical security measures are preventive controls. Recovery controls include backup and restore procedures, separation of duties, disaster recovery drills and routine audits. Each of these controls is an important component of a solid risk management plan.

    • 5

      Implement a good employee training program. There is no substitute for trained, knowledgeable personnel in a disaster. When each employee knows his role in some disaster, regardless of the nature of the disaster, the likelihood of recovery is greatly increased.

Related Searches:

References

Resources

  • Photo Credit Fire in sumer image by Auran from Fotolia.com

Comments

You May Also Like

Related Ads

thumbnail
Featured