Risk Assessment Process

Time
1 hour 39 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:00
This is risk management and information technology.
00:03
In this lesson, we will be discussing the risk assessment process,
00:06
how risk is calculated and the different risk assessment methodologies.
00:10
Let's start by talking about risk assessment.
00:13
Calculating risk, or risk assessment, is usually done by a third party or auditing group.
00:19
In general, large organizations are audited by a third party to ensure impartial assessments that follow best practices in that industry.
00:27
Third-party organizations are also capable of determining the proper scope of the research and assessment.
00:34
They are also able to calculate the liability of the risk following industry standards.
00:40
This allows the third-party auditors to produce a reliable measurement of the risk in line with the industry that the organization is in.
00:49
So how does the risk assessment process work?
00:52
First, upper management initiates the assessment
00:55
by defining the scope with regard to the business unit or part of the organization, such as ICT operations.
01:03
The hired risk assessment team then creates a report based on methodologies that details risk within that scope.
01:08
After the report is received by upper management, they decide what the next steps are and which risks are actionable and which ones are not.
01:19
Okay, let's talk about the risk assessment process.
01:22
The first step is management, which requests the risk assessment. Of course, they hire the risk assessment team, which determines the risk.
01:30
After that, a report is generated. Management receives that risk report
01:36
and then they approve, reassign or reject those recommendations
01:40
based on the responses. The staff executes those risk management recommendations
01:45
and the process starts over once new risk assessments need to be made.
01:52
Next let's talk about the risk assessment methodologies used by the risk assessment team.
01:57
Qualitative risk analysis uses scenario-based surveys and questionnaires given to employees across the scope of the risk assessment.
02:06
While quantitative risk analysis uses calculations
02:09
and leverages the data that the risk assessment team has on the industry as well as statistics.
02:15
A combination of these two methodologies provides a better view of the risk levels of the organization
02:22
within that scope.
02:23
With this in mind, let's talk about qualitative risk assessment.
02:28
This is a scenario-based assessment that utilizes surveys and questionnaires that are sent out to the organization in scope of the risk assessment.
02:35
The results are collected and tabulated against the scale to evaluate risks, costs and effects.
02:42
Now, let's talk about quantitative risk assessment. This is calculation based and uses probability percentages to calculate the risk.
02:50
It also uses dollar figures to determine the levels of risk: the potential loss, cost of countermeasures and value of safeguards.
02:58
Quick quiz.
03:00
Which of the following is not a reason why a third party should conduct a risk assessment?
03:06
Is it A, because of the size of the organization;
03:08
B, because of the scope of research and assessment;
03:13
C, because of the employer's lack of faith in employees;
03:16
D, because of the liability of the risk; or E,
03:20
because you want to produce a more reliable measurement of real-world risk?
03:23
So
03:23
the answer is C.
03:27
The employer does not have a lack of faith in employees, because you want to ensure a more accurate and reliable report and measurement of the risk.
03:36
That's why you want to pick a third party.
03:40
Okay, next.
03:43
Which of the following is not a reason why scope is important to risk assessment?
03:46
Is it A, to cover the size of the organization;
03:50
B, to ensure the assessment does not go out of budget;
03:53
C, to produce a more reliable measurement of risk;
03:57
or D,
03:58
to limit the liability of the risk assessment?
04:01
And the answer is B,
04:03
to ensure the assessment does not go out of budget.
04:08
Which of the following is the reason why scope is important to risk assessment?
04:11
Is it A, to cover the size of the organization;
04:15
B, to produce a more reliable measurement of real-world risk; C, to limit the liability of the risk assessment; or D, all of the above?
04:24
The answer is D, all of the above. The scope defines what is covered in the risk assessment to ensure that the result is accurate, reliable and actionable for the organization.
04:36
Last,
04:38
which of the following is not a risk assessment methodology?
04:41
Is it A, quantitative risk assessment;
04:44
B, qualitative risk assessment; C, a combination of the first two;
04:48
or D, directly question and interview employees?
04:54
The answer is D.
04:56
The risk assessment process should be formal, can be tabulated and calculated, as well as actionable. Directly questioning and interviewing employees can lead to unreliable data and cannot be easily quantified into an actionable assessment.
05:11
To summarize this episode:
05:14
We talked about the risk assessment team and its function and purpose, and why we hire a third party.
05:18
We also talked about the risk assessment process and how it goes about from management to the risk assessment team, back to management
05:27
and into the
05:29
execution side
05:30
and operations.
05:31
We also talked about different types of risk assessment methodologies.
05:36
Yes,
05:38
Thank you for completing this lesson. This is your instructor, Robert Downey.