Академический Документы
Профессиональный Документы
Культура Документы
Further Actions
Revised Risk level (L, M, H or VH - see Sheet 1)
Further Action Needed & Opportunities for improvement - Include milestone(s) & target date(s)
Assigned To
VH VH VH VH H H
H
Opportunities for
VH VH VH VH H H H M M M L L L
M M M
L
L L
Page 1 of 14
Risk Assessment
Determining the Level of Risk
This worksheet can be used to identify the level of risk and help to prioritize any interventions or control measures. Step 1. Determine your risk appetite establish your areas of consideration ("things you value") & your acceptability thresholds. Consider the consequences and likelihood for each of the identified risks and use the matrix* below to establish a risk level. NB: This workbook will record the quality of your planning process - it will not ensure it.
Consequence Criteria
The "area of consideration" example used below is injury to people. You should copy this template and adjust these criteria for each "thing you value".
1 Insignificant
Dealt with by in-house first aid, etc
2 Minor
Medical help needed. Treatment by medical professional/hospital outpatient, etc
3 Moderate
4 Major
5 Catastrophic
Significant non-permanent Extensive permanent injury Death. Permanent disabling injury.Overnight (eg loss of finger/s) injury (eg blindness, loss of hospitalisation (inpatient) Extended hospitalisation hand/s, quadriplegia)
A-
Almost certain to occur in most circumstances Likely to occur frequently Possible and likely to occur at some time Unlikely to occur but could happen May occur but only in rare and exceptional circumstances
Medium (M) Medium (M) Low (L) Low (L) Low (L)
High (H) Medium (M) Medium (M) Low (L) Low (L)
High (H) High (H) High (H) Medium (M) Medium (M)
Very High (VH) High (H) High (H) Medium (M) Medium (M)
Very High (VH) Very High (VH) High (H) High (H) High (H)
Likelihood
BCDE-
Matrix* from page 55 of HB 436:2004 issued by Standards Australia to support the Australia / New Zealand Standard for Risk Management (AS/NZS 4360)
S 4360)
Instructions
Print this sheet (two pages) and use when completing sheets 2, 3 & 4. Evaluate potential for event & response among the following categories using the hazard specific scales in sheets 2c & 2d of this Workbook. Assume each event incident occurs at the worst possible time. Sheet 2b informs Business Impact considerations. Please note specific score criteria on each work sheet to ensure accurate recording. Issues to consider for chance of occurrence include, but are not limited to: 1 Known risk 2 Historical data 3 Manufacturer/vendor statistics Issues to consider for response include, but are not limited to: 1 Time to marshal an on-scene response 2 Scope of response capability 3 Historical evaluation of response success Issues to consider for human impact include, but are not limited to: 1 Potential for staff death or injury 2 Potential for public death or injury Issues to consider for property impact include, but are not limited to: 1 Cost to replace 2 Cost to set up temporary replacement 3 Cost to repair 4 Time to recover Issues to consider for business impact include, but are not limited to: 1 Business interruption 2 Employees unable to report to work 3 Customers unable to reach facility 4 Company in violation of contractual agreements 5 Imposition of fines and penalties or legal costs 6 Interruption of critical supplies 7 Interruption of product distribution 8 Reputation and public image 9 Financial impact/burden
Issues to consider for preparedness include, but are not limited to: 1 Status of current plans 2 Frequency of drills 3 Training status 4 Insurance 5 Availability of alternate sources for critical supplies/services Issues to consider for internal resources include, but are not limited to: 1 Types of supplies on hand/will they meet need? 2 Volume of supplies on hand/will they meet need? 3 Staff availability 4 Coordination & Communication capability 5 Availability of back-up systems 6 Internal resources ability to withstand disasters/survivability Issues to consider for external resources include, but are not limited to: 1 Types of agreements with community agencies/drills? 2 Coordination with local and state agencies 3 Coordination with proximal health care facilities 4 Coordination with treatment specific facilities 5 Community resources Complete worksheets for all Hazards. The summary section will automatically provide your specific and overall risk profile. Notes developed from work by Kaiser Permanente.
2) Business Function:
I or E
Internat'l (Y or N)
5) Operational Detail:
Hours of Operation: Peaks: Annually Describe Peak Periods
Total Number of Personnel Supporting this Function Number of People Needed for Critical Business Processes
Quarterly
Monthly
Weekly
Daily
Request
Page 6 of 14
1 2 3 4
How long could you operate in a manual mode before systems become available? (Consider the amount of backlogged and missing data.) Are there written procedures for operating in a manual mode? When were the procedures for operating in a manual mode last updated? What additional resources are needed to perform your mission critical business processes manually? (I.E. additional staff, forms, phone, manual accounting, log sheets, etc.?) In the event of a disruption , there would be some "lost data or transactions". Describe the data loss for this function. Could lost data or "work in progress" transactions be recovered? How will lost data be recovered? Are there written procedures for recovering lost data? When were the procedures for recovering lost data last updated? If lost data could not be recovered, what is the potential impact to your business function and on the entire company? Are there data integrity or specific balancing procedures to verify the integrity of the restored and/or reconstructed data? Do you store critical data or information on your desktop or laptop? How is this critical data backed up? How often is the backup sent offsite? Do you rely on data (information) that is not electronic? Specify the data and the type of media (ie. contracts, forms, personnel records, etc.)? Is the non-electronic data backed-up (copied) and stored offsite? Are documented procedures for business function processes, recovery of lost data and balancing stored offsite? Do you rely on specialised or unique equipment to perform your critical processes? If yes, list equipment. Summarise exposures and risks that management should be aware of in the event of a disruption:
6 7 8 9 10 11 12 13 14 15 16 17 18
Page 7 of 14
1
Who do you rely on for input?
List the type of data and where it comes from (i.e. Sales invoices from Sales, internal, fax & mail)
Internat'l (Y or N)
2
Who relies on you for output?
List the type of data and where you are sending it to. (e.g. Sales Revenue to Banks)
Internat'l (Y or N)
What operations do outside resources perform to assist this function (e.g. do you outsource cheque printing, report distribution, nightly processing, batch processing, master CD production, etc.)?
5
Legal Regulatory Contractual Compliance
Identify and explain any specific legal, regulatory, contractual, and compliance issues or consequences (e.g. government agency obligations, customer contracts, Service Level Agreements etc.):
MTO
Page 8 of 14
Total
Natural Events
Avalanche Biological Drought Dust/Sand Storm Earthquake Extreme Heat/Cold Fire (forest, range, urban) Flood/Wind driven water Hurricane Landslide Lightning Storm Snow/Ice/Hail Tornado Tsunami Volcanic Eruption Windstorm/Tropical Storm 4 2 2 1 5 3 4 2 0.0 2.6 0.0 0.0 4.2 0.0 0.0 3.2 0.0 0.0 0.0 0.0 0.0 0.0 0.0 4.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
2.5
Technological/Industrial Events
Building/Structure Collapse Business Interruption Dam/Levee Failure Explosions/Fire Extreme Air Pollution Financial Collapse Fuel/Resource Shortages Hazardous Material Releases Power/Utility Failure Radiological Accidents Transportation Accidents
Civil/Political Events
Civil Unrest Eco-Terrorism Economic Enemy Attack General Strike Hostage Situation(s) Sabotage Terrorism
KEY High Risk: Greater than 3.5 Medium Risk: 2.0 to 3.5 Low Risk: Less than 2 Analysis of Results: You should consider strengthening your preparedness capability. If your snapshot indicates a level of concern re vulnerability you may want to consider capacity building processes.
K
Score
Target Visibility Target Utility Asset Accessibility Asset Mobility Presence of Hazardous Materials Collateral Damage Potential Site Population KEY for each CRITERIA High Risk: Greater than 3.5 Medium Risk: 2.0 to 3.5 Low Risk: Less than 2
remote, secure perimeter, armed guards moves frequently limited quantities, secure loctn no risk 0 large quantities, some controls moderate risk in 1 Km r 500 - 1000
open access, e.g. "drive up" parking fixed in place open access high risk beyond 1 Km r or domino > 5000
TOTAL
for the TOTAL re each ASSET : Greater than 24.5 : 14.0 to 24.5 : Less then 14
Analysis of Results: If vulnerability is high, you may want to consider strengthening preparedness capability. emergencyriskmanagement.com is at your service with planning guidelines and consultancy services.
emergencyriskmanagement.com TM
Considerations regarding how to use the Risk Rating to prioritise and implement action plans.
Once the level of risk has been determined the following table may be of use in determining when to act to intervene and institute the control measures.
High
If these controls are not immediately accessible, set a timeframe for their implementation and establish interim risk reduction strategies for the period of the set timeframe. Take reasonable steps to mitigate the risk. Until elimination, substitution or engineering controls can be implemented, institute administrative or personal protective equipment controls. These lower level controls must not be considered permanent solutions.
Medium
Interim measures until permanent solutions can be implemented: Develop administrative controls to limit the use or access. Provide supervision and specific training related to the issue of concern. (See Administrative Controls below)
Low
Take reasonable steps to mitigate and monitor the risk. Institute permanent controls in the long term. Permanent controls may be administrative in nature if the hazard has low frequency, rare likelihood and insignificant consequence.
Hierarchy of Control
Interventions identified may be a mixture of the hierarchy in order to provide as low as reasonably practicable exposure.
Eliminate the hazard. Provide an alternative that is capable of performing the same task and is safer to use. Provide or construct a physical barrier or guard. Develop policies, procedures practices and guidelines, in consultation with employees, to mitigate the risk. Provide training, instruction and supervision about the hazard. Personal equipment designed to protect the individual from the hazard.
The "Hierarchy of Control" can be useful - as can other heuristic devices such as "Prevention, Preparedness, Response & Recovery" or "Engineering, Education, Encouragement, & Enforcement". As a general approach. A "mix of interventions" usully provides the best result.