By Ron Woerner

We experience risk simply by living. It’s not about eliminating risks; it’s about knowing the risks you have and doing something smart about them. We need to take that approach both in our lives and in our business.

Risk Management is the essence of security. The role of Risk Management is to identify and assess the risks to business processes and work with the business owners or service providers to appropriately mitigate those risks. We are all about identifying risks and finding appropriate strategies for managing them.

Here’s a simple equation:  RISK = IMPACT X PROBABILITY.

Once you see a potential risk, it is weighed against the burden or cost of reducing impact, probability or both.  Not every risk requires attention, but that doesn’t mean that risks can or should be ignored. Mitigation strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. In ideal risk management, the risks with the greatest impact and the greatest probability of occurring are handled first, and risks with lower probability of occurrence or lower loss are handled later.

Risk management is about finding and solving problems. You can use the same risk equation and process for managing any risk or problem. Ask yourself:
•    What am I trying to protect?  That is your asset.
•    What bad things can happen to it? These are the threats to the asset.
•    How much money could I lose should these bad things happen?
•    What are the weaknesses or vulnerabilities associated with the asset?
•    What am I already doing to reduce the risk?
The first three questions define the Impact and the last two define the probability.  Together they formulate the overall risk.
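
The equation and the cost weighing described above, worked through on a small risk register. This is an added example, not code from the original post: the assets, dollar figures and probabilities are constructed, and the decision rule (reduce a risk when the yearly saving exceeds the mitigation cost, otherwise accept it) is an assumption made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Risk:
    asset: str                    # what am I trying to protect?
    threat: str                   # what bad thing can happen to it?
    impact: float                 # money lost if it happens
    probability: float            # chance of it happening in a year, 0..1
    fix_cost: float = 0.0         # yearly cost of the proposed mitigation
    fixed_impact: Optional[float] = None       # impact after mitigation
    fixed_probability: Optional[float] = None  # probability after mitigation

    def score(self) -> float:
        # RISK = IMPACT x PROBABILITY
        return self.impact * self.probability

    def residual(self) -> float:
        # Risk left over once the mitigation is in place; a value left as
        # None means the mitigation does not change that factor.
        impact = self.impact if self.fixed_impact is None else self.fixed_impact
        prob = (self.probability if self.fixed_probability is None
                else self.fixed_probability)
        return impact * prob

    def decision(self) -> str:
        # Assumed rule: weigh the risk removed against the cost of removing it.
        saving = self.score() - self.residual()
        return "reduce" if saving > self.fix_cost else "accept"

def prioritize(risks):
    # Greatest impact x probability is handled first.
    return sorted(risks, key=Risk.score, reverse=True)

# Constructed sample register (all values invented for this example).
REGISTER = [
    Risk("customer database", "ransomware", 500_000, 0.10,
         fix_cost=20_000, fixed_impact=100_000, fixed_probability=0.05),
    Risk("office laptops", "theft", 3_000, 0.30,
         fix_cost=1_500, fixed_probability=0.25),
    Risk("public website", "defacement", 40_000, 0.20,
         fix_cost=2_000, fixed_probability=0.02),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.asset:18} {r.threat:11} risk={r.score():>9,.0f} "
              f"residual={r.residual():>8,.0f} -> {r.decision()}")
```

The laptop entry shows why not every risk gets treated: the mitigation costs more per year than the risk it removes, so the risk is accepted rather than ignored.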

After you have asked and answered these questions, you can decide what you are going to do about it. This process allows you to prioritize and make knowledgeable decisions on risks, wherever you find them.
By working together, we all become stronger.
