Difference between revisions of "Risk"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Line 14: Line 14:
 
|}
 
|}
  
 +
{{Template: BookMGBCPlan}}
 +
{{Template: BookMGISO22301}}
 +
'''2.''' Effect of uncertainty on [[Objective|objectives]].
  
'''2.''' Effect of uncertainty on [[Objective|objectives]].
 
{{Template:BookPSRAR}}
 
 
'''''Notes (1)''''' : An effect os a deviation from the expected - positive or negative.
 
'''''Notes (1)''''' : An effect os a deviation from the expected - positive or negative.
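
Review bot: the context line "'''''Notes (1)''''' : An effect os a deviation from the expected - positive or negative." under definition 2 still has the typo "os" for "is". Since this revision already edits the block directly above it to add the BookMGBCPlan and BookMGISO22301 templates, correct the typo in the same edit.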
  

Revision as of 01:28, 4 November 2020

1. Risk is the potential loss exposure due to a threat, which causes a disruption to business operations and prevents them from achieving the Minimum Business Continuity Objective (MBCO).

Related Terms: Risk Likelihood, Risk Impact, Risk Level, Risk Rating, Threat, Crisis Scenario

 


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 1B: Foundation (BC)
BCMBoK 2: Risk Analysis & Review CL 1C: Foundation (CM)
BCMBoK 2: Risk Analysis & Review CL 1CC: Foundation (CC)
BCMBoK 2: Risk Analysis & Review CL 1D: Foundation (DR)

(Source: Business Continuity Management Institute - BCM Institute)

2. Effect of uncertainty on objectives.

Notes (1) : An effect is a deviation from the expected - positive or negative.

Notes (2) : Objectives can have different aspects (such as financial, health, safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, process). An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a business continuity objective or by the use of other words with similar meaning (e.g. aim, goal, target).

Notes (3) : Risk is often characterized by reference to potential events (Guide 73, 3.5.1.3) and consequences (Guide 73, 3.6.1.3), or a combination of these.

Notes (4) : Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (Guide 73, 3.6.1.1) of occurrence.

Notes (5) : Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequences, or likelihood.

Notes (6) : In the context of business continuity management system standards, business continuity objectives are set by the organization, consistent with the business continuity policy, to achieve specific results. When applying the term risk and components of risk management, this should be related to the objectives of the organization that include, but are not limited to the business continuity objectives as specified in 6.2.

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.48

3. Something that might happen and its effect(s) on the achievement of objectives.

(Source: AE/HSC/NCEMA 7000:2012)

4. Effect of uncertainty on objectives.

Notes (1) : An effect is a deviation from the expected - positive and/or negative.

Notes (2) : Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, and process).

Notes (3) : Risk is often characterized by reference to potential events, consequences, or a combination of these and how they can affect the achievement of objectives.

Notes (4) : Risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances, and the associated likelihood of occurrence.

Notes (5) : Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood. ([SOURCE: ISO Guide 73])

(Source: ISO 22390:2011 - Societal Security - Guidelines for Exercises and Testing) - clause 3.21

5. Combination of the probability of an event and its consequences.

Notes (1) : The term “risk” is generally used only when there is at least the possibility of negative consequences.

Notes (2) : In some situations, risk arises from the possibility of deviation from the expected outcome or event.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.33

6. Effect of uncertainty on objectives.

Notes (1) : An effect is a deviation from the expected — positive and/or negative.

Notes (2) : Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).

Notes (3) : Risk is often characterized by reference to potential events (2.17) and consequences (2.18), or a combination of these.

Notes (4) : Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (2.19) of occurrence.

Notes (5) : Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of an event, its consequence, or likelihood.

[ISO Guide 73:2009, definition 1.1]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.1

 

7. Something that might happen and its effect(s) on the achievement of objectives.

(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

8. Risk is the potential of exposure to disruption due to threat. Risk affects business continuity. It can be measured in terms of probability and impact.

(Source: Singapore Standard 540 - SS 540:2008)

9. The chance of something happening, measured in terms of probability and consequences. The consequence may be either positive or negative. Risk in a general sense can be defined as the threat of an action or inaction that will prevent an organization’s ability to achieve its business objectives. The results of a risk occurring are defined by the impact.

(Source: Business Continuity Institute - BCI)

10. Potential for exposure to loss. Risks, either man-made or natural, are constant. The potential is usually measured by its probability in years.

(Source: Disaster Recovery Institute International / Disaster Recovery Journal - DRII/DRJ)

11. The chance of something happening that will have an impact on objectives.

NOTE 1: A risk is often specified in terms of an event or circumstance and the consequences that may flow from it.

NOTE 2: Risk is measured in terms of a combination of the consequences of an event and their likelihoods.

NOTE 3: Risk may have a positive or negative impact.

NOTE 4: See ISO/IEC Guide 51, for issues related to safety.

(Source: HB 221:2004 Business Continuity Management)

12. The chance of something happening that will have an impact upon objectives. It is measured in terms of consequence and likelihood.

(Source: Australia. A Practitioner's Guide to Business Continuity Management HB292 - 2006)

13. A measure of the exposure to which an organization may be subjected. This is a combination of the likelihood of a business disruption occurring and the possible loss that may result from such business disruption.

(Source: OGC, Information Technology Infrastructure Library (ITIL) v3)

14. Combination of the probability of an event and its consequence. [ISO/IEC Guide 73:2002]

(Source: Malaysia BCM Standard MS1970:2007)

15. Effect of uncertainty on objectives.

NOTES:

  • An effect is a deviation from the expected - positive and/or negative.
  • Objectives can have different aspects such as financial, health and safety, and environmental goals and can apply at different levels such as strategic, organization-wide, project, product, and process.
  • Risk is often characterized by reference to potential events, consequences, or a combination of these and how they can affect the achievement of objectives.
  • Risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances, and the associated likelihood of occurrence.

(Source: AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management. Part 1: Business continuity management system specification)

16. Effect of uncertainty on objectives.

NOTES:

  • An effect is a deviation from the expected - positive and/or negative.
  • Objectives can have different aspects such as financial, health and safety, and environmental goals and can apply at different levels such as strategic, organization-wide, project, product, and process.
  • Risk is often characterized by reference to potential events, consequences, or a combination of these and how they can affect the achievement of objectives.
  • Risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances, and the associated likelihood of occurrence.

(Source: AS/NZS 5050.2 Australian and New Zealand Standards for business continuity management. Part 2: Business continuity management practice standard)

17.

  • The chance of being exposed to an infectious agent by its specific transmission mechanism.
  • The chance of becoming infected if exposed to an infectious agent by its specific transmission mechanism.

(Source: Centers for Disease Control and Prevention)