IJCA - Volume 2 - Flipbook - Page 41
2023 | Volume 2, Issue 1
5. In the event of the potential crisis, to what extent
will your company’s bottom line be damaged?
Respondents should answer with a value between
1 and 10 for each of the five questions. Then, the
practitioner takes these values and calculates the
average to arrive at a single value for Impact. This
could provide a more insightful value for Impact
based on the position of the individual within the
organization.
Significance/Importance Factors
Another aspect of the modified Fink approach to
risk assessment and analysis is the inclusion of
Significance or Importance Factors. These factors
can be used to add a weighted approach towards
the original risk assessment and analysis of Impact
and should be between 1 and 5. For example,
an organization may identify that the CEO of the
organization has more of a holistic understanding
of the organization, compared to, for example,
an employee who works in the warehousing and
shipping department. In this case, the organization
may assign a Significance Factor of 5 to the CEO,
and a Significance Factor of 1 to the warehousing/
shipping employee. After receiving the anticipated
Impact values for each risk from each employee, the
practitioner would multiply each value by the relevant
Significance Factor. For example:
TABLE 7.
Risk
Loss of internet
connectivity while
traveling
CEO Impact
Response
Warehousing/Shipping
Employee Impact Response
5
5
While both have used 5 as the anticipated impact,
the CEO’s Significance Factor is 5, while the
warehousing/shipping employee’s Significance
Factor is 1. Notice below how the CEO’s answer
now carries far more weight than that of the
warehousing/shipping employee:
TABLE 8.
CEO Impact
Response
Warehousing/Shipping
Employee Impact Response
Loss of internet
connectivity while
traveling
5(SF=5)
5(SF=1)
Recalculated with
Significance Factor
25
Risk
5
This will skew the data based on the weighted
response, which may better serve the practitioner
41
in some cases. In some situations, it makes sense
to use this additional factor, in others, it may not;
it is completely up to the organization and risk
assessment practitioners to decide. As a final
example, if the risk is one having to do with overall
finance of the company, it makes sense for the
CEO to have a greater Significance Factor than the
warehousing/shipping employee; however, if the risk
is one that has to do specifically with warehousing or
shipping of products, perhaps the opposite may be
true and the warehousing/shipping employee should
have the greater Significance Factor.
Graphical Representation of Data
A picture is worth a thousand words. This phrase is
constantly repeated in marketing, sales, finance, data
management, and many other professional courses
and collections of best practices. The same holds
true for risk assessment and analysis. If results
can be demonstrated, rather than written, often, the
audience will better understand the data. Further,
presenting data graphically saves all parties time
and effort.
Categorization of Risks
Categorization of risks can be both a positive and a
negative influence on risk assessment and analysis.
While categories help reduce duplicate work and
combining similar or like risks may help reduce
the number of items in a risk assessment, there is
a chance that when combined, the “essence” of a
specific risk is lost. Perception is a very personal
process. If practitioners are not entirely clear on the
subject and “essence” of the risk being proposed,
the point of the risk may be lost due to perceptional
differences. If practitioners are unsure of the specific
meaning of a risk, conferring with the interested
party that reported the risk is certainly advised.
This concept also holds true when combining like
mitigation or contingency plans and should be
considered at every turn of the risk assessment and
analysis. Perception is a powerful factor that could
have far-flung influences on your overall process if
not appropriately considered and controlled.
Contingency Plans
This paper briefly discussed contingency plans
as the focus was more on risk assessment
and analysis, rather than on risk management.
Contingency plans are often more associated with
overall risk management as they are not something
