Risk and vulnerability assessments are tools that provide informed decision making. Risks and vulnerabilities use logic and consistency as the fundamentals to provide decision makers with the information and options necessary to choose efficient effective devices, systems, policies and procedures. A structured approach that reviews and analyzes specific facts, observations and outcomes for the decision maker’s overall goals and objectives.
A risk assessment is the identification, analysis and evaluation of uncertainties to objectives and outcomes. Comparisons between desired and undesired outcomes are provided as well as a potential reward and loss, in regard to the overall objectives.
A risk assessment
– Informs on available options to effectively manage risk and achieve objectives.
– Analyzes possible causes of uncertainty to expose negative outcomes.
– Prioritizes risks and their impact in line with organizational objectives.
– Calculates the effects of uncertainty and the potential impact they could have.
– Aligns organizations with laws and regulations.
A risk assessment consists of four parts. Risk Identification, Risk Analysis, Risk Evaluation and Risk Treatment. Risk Identification consists of identifying assets, valuation and characterization. What is taken into account is threat and the opportunity it has to occur. Risk Analysis is comprised of determined likelihood, consequences, and level of risk. Risk Evaluation considers the priorities, tolerance and acceptability by comparing the criteria. Finally, Risk Treatment ties the entire process together by identifying and assess all the viable options. The preparation of treatment options are also executed in this stage and the residual risk is analyzed and evaluated.
Overall JCG has a combined process of quantitative and qualitative analysis. By using varying degrees of detail the assessment can speak to all levels throughout an organization.