One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 2148843 |
| Date de publication | 2020-07-17 16:53:31 (vue: 2021-01-06 20:37:57) |
| Titre | NBlog July 17 - an appetite for risk |
| Texte |  Today we've been chatting about this on the ISO27k Forum: "Let's assume that the company is willing to accept risks with a potential financial impact less than $50k. Obviously after performing risk assessment, we need to decide which treatment option we should follow. In case when the potential impact of the risk is below $50k - (risk appetite), we should accept the risk, right? My question is: what happens if for some reason, multiple Low Risks (below risk appetite value/already accepted) occur at the same time? Should the Risk Appetite represent an aggregation of all low risks or just reflect the appetite for a single risk?"I suggested considering 'coincident risks' as another entire category or class of risks, some of which may well be above the risk appetite/acceptance threshold even if the individual risks fall below it. It gets worse. There are many other coincidences, errors, failures, issues and exceptional circumstances that could occur - in extremis, it's an infinite set of possibilities given all the permutations and combinations.Our collective failure to identify and take seriously the possibility of a pandemic landed us in the poo we're in now. Even those organisations that did have pandemic controls in place have found the going tougher than anticipated, some discovering that their stockpile of sanitizer and masks had not been properly stored and maintained, and hence was next to useless when called upon. Trust me, it can be a sobering exercise to run a risk workshop focused on rare but extremely impactful events, the outliers that we tend to ignore in routine risk management because it's hard enough dealing with the commonplace extreme events, let alone the rarities. Every well-managed organisation needs to deal sensibly with the scarily vague “something else happens and lands us in serious trouble” situations, when classical scenario planning runs out of steam. There are far too many possibilities to even enumerate, let alone evaluate and treat individually: a more general-purpose approach is required. |
| Envoyé | Oui |
| Condensat | $50k my insurance it that trust about above accept accepted after against aggregation all alone although another anticipated appetite appetite/acceptance approach are aspects assessment assume available because been below both business businesses but called can case category chatting circumstances class classes classical coincidences coincident collective combinations commonplace company considering constraints contingency continuity controls could crisis deal dealing decide did discovering else enough entire enumerate errors evaluate even events every exceptional exercise extreme extremely extremis failure failures fall far financial focused follow forum: found general gets given going had happens hard have hence hopefully identify ignore impact impactful incident individual individually: infinite insurance insured insurers interruption is: iso27k issues july just landed lands leads less let line low maintained managed management many masks may more multiple nblog need needs next not now obviously occur option organisation organisations other out outliers own pandemic particular performing permutations place planning poo possibilities possibility potential price properly protect purpose question rare rarities reason reflect represent required resilience right risk risks risky routine run runs same sanitizer scarily scenario sensibly serious seriously set should single situations situations: sobering some steam stockpile stored suggested take tend than thinking those threshold through time today too tougher treat treatment trouble” unbounded upon useless vague value/already various well what when which willing workshop worse “something |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.