Don't Discount Likelihood

During your risk assessment process, you’ll start by identifying your assets, then you’ll think about the threats to those assets. In order to quantify or qualify the risk in your assessment, you’re going to want to identify what the impact and the likelihood would be if the threat were realized.

Let me give you an example of this. If I lived in Florida, I would consider a hurricane to be a threat, I would consider the impact of the hurricane to be at a certain level, and I would also have to determine what I considered the likelihood to be. Now, the likelihood of a hurricane in Florida is going to be much greater than the likelihood of a hurricane in Wyoming. So, these are the things that you have to quantify as you’re doing your risk assessment.

One of my favorite stories from the service that our employees have provided to our clients involves a client in New York City who was talking to our auditor about risk assessment. Our auditor said, “You need to think about storms and environmental events that could shut your business down. What would happen if you couldn’t get into your building and you had to go somewhere else?” They thought that was silly. They said, “If that happened, we would have bigger problems on our hands. The likelihood of that happening is very low.” But because of our auditor’s insistence, they added in environmental threats such as hurricanes and storms.

It wasn’t very long after that that a hurricane actually hit New York. This client’s building was flooded, and everyone in the building had to be out of there for two months. Because they had considered the risk of this happening, even though they had ranked the likelihood as very low, it was documented in their risk assessment. So, when it happened, they knew what to do. They had a game plan for some employees who were in Chicago to pick up the pieces and restore services there. They had employees who traveled from New York to Chicago to continue operations. They thanked our auditor after all that had happened, because they had never considered the possibility that a hurricane could hit New York.

So that’s very important when it comes to factoring in likelihood. Even though something might have a small likelihood, it’s still something that you should consider in order to address the risk to your organization, should it happen.

