Risk assessment “is the process activity that includes risk identification, risk analysis and risk evaluation” [61]. The process of risk assessment is “the process of determining which risks should be addressed and how they should be addressed” [73]. By identifying specific threats to business operations and measuring each one’s probability of occurrence, specific methodologies can be applied to justify the budget to find avoidance controls [4]. Both business risk and information technology-specific risk must be addressed using the same methodology; only the details will differ. We can use the following equation to define risk as well:
Risk = Threat / (Likelihood / Vulnerability) / Impact
As per [62], risk can be assessed at an organizational level, at a departmental level, for projects, individuals, activities or specific risks. Different tools and techniques may be appropriate in different contexts. While assessing risks, it is important to consider all critical elements affecting an organization. Such factors as determining critical information systems, establishing recovery priorities and identifying target recovery times for each application need to be taken into account [74, 16, 75]. Risk assessment provides an understanding of risks, their causes, consequences, and their probabilities. This provides input to decisions about:
1. Where an activity should be undertaken
2. How to maximize opportunities
3. Whether risks need to be treated
4. Choosing between options with different risks
5. Prioritizing risk treatment options
6. The most appropriate selection of risk treatment strategies that will bring adverse risks to a tolerable level.
Risk assessment typically focuses on potential business exposure [76]. The ultimate objective of the risk assessment phase is to provide management with necessary information to further evaluate – or analyze – each identified threat [67]. The risk assessment must be conducted within the first phases of the implementation cycle to systematically assess the potential impacts of all unexpected events to the organization [54].