Organizational Risk: Federal
Author: Leanne Coffman
- Risk may be defined as the effect of uncertainty on objectives and goals. See Risk Management Defined.
- On the organizational level, risk management planning also assesses and allocates resources to address known or potential risks. See Risk Management Defined.
- Selecting the most appropriate risk treatment options typically involves balancing the benefits of implementing the treatment against the costs and efforts of implementation. See Identifying Risk.
- Understanding threat potential and the impact of risk on the organization will assist in assigning, prioritizing and applying appropriate risk treatment. Risks must be prioritized because the average organization does not have the resources to respond to every risk. See Prioritizing Risk.
- Risk managers should focus on tracking probable or high priority risks, which may threaten major organizational objectives. Analysis separates negligible risk from serious or immediate threats. See Assess Risk.
- Treating risk involves a wide range of systems, outlooks and actions. Organizations may elect to avoid risk by discontinuing the activity that causes the threat. Conversely, risk may be pursued or increased to further an opportunity for growth potential. See Create Solutions to Treat Risk.
- Creating a continuity plan and addressing disaster recovery for the workplace are proactive steps organizations can take to avoid disruption of services. See Ensuring Operations: Business Continuity.
- Through a well-executed business continuity plan, organizations can reduce risk, protect stakeholder's interests and ensure continuation of services. See Ensuring Operations: Business Continuity.
- Disaster recovery is a separate consideration from business continuity. However, in order to perform disaster recovery or develop disaster recovery plans, one must first address the tasks, activities, processes and resources that comprise day-to-day operations and then develop a continuity plan. See Disaster Recovery Plans.