Article | July 8, 2019

How To Structure Risk Assessments

Source: IT Glue

By Josh Oakes, IT Glue


What should a risk assessment look like? Risk assessments are a critical part of risk management. After all, you can’t manage what you don’t know about. There are many different ways to structure a risk assessment, but at the end of the day some methods deliver more value than others. In this second part of our series on risk management, I Thought You Were Taking Care of That, we discuss how to structure risk assessments so that you can get the most value possible from them.

The Four Pillars

There are four pieces of information that should be included in every risk assessment. They are importance, category, RPO/RTO and impact.

Pillar #1: Importance
The best way to define importance is by the amount of time lost if the event occurs. The reason is simple – the biggest cost to your clients is downtime. Downtime affects your clients’ capacity to sell, market, and run their operations. If your client runs a major e-commerce business and loses its system for taking credit card payments online, then any downtime to the credit card payment system is critical. Other systems may not be as important. Prioritize risks by how important the affected item is to the business.