Skip to navigationSkip to content

Your County - Putting Kent First

Kent 4 star Council

Contacts

Business Continuity
Kent County Council
Invicta House
County Hall
Maidstone
Kent ME14 1XX

Telephone icon01622 696869/ 694806
fax: 01622 694805

Email icon business.continuity @kent.gov.uk

Risk assessment

What is risk? Risk is the threat that an event or action will adversely affect an organisation's ability to achieve its objectives and successfully execute its strategies.

On completion of the Business Impact Analysis it is important to identify threats to the mission critical activities of your business. An example of how this may be achieved by the use of a simple Risk Matrix is outlined below:

Risk assessment likelihood graph

Key -
A - Immediate action needed
B - Consider action and have a contingency plan
C - Consider action
D - Keep under review

Examples of categories of risk

Risks generally fall into two categories and may be:

Strategic - medium to long term goals

  • Political - future changes to the political landscape
  • Economic - macro level economic changes, investment decisions etc.
  • Social - demographic, socio -economic trends
  • Technological - technological change, demands, failures
  • Legislative - current or potential changes in national or European law
  • Environmental - energy efficiency, pollution, recycling, emissions etc.
  • Competitive - ability to deliver best value
  • Customers/Citizens - failure to meet needs of customer/citizens

Operational - risks managers/staff may encounter

  • Professional - associated with nature of each profession/business/service
  • Financial - financial planning and control
  • Legal - breeches of legislation
  • Physical - those related to fire, security, H&SW, flooding, terrorism etc.
  • Contractual - failure of contractors to deliver services
  • Technological - IT systems, equipment and machinery
  • Environmental - pollution, noise etc.

Having utilised the Risk Matrix to identify and prioritise the risks to your organisation/ business/service you then need to decide a control strategy.

Control strategies include:

  • Tolerate the risk - exposure to certain types of risks may be tolerable without any further action being taken.
  • Transfer the risk - this might be done by conventional insurance, or it might be done by paying a third party to take the risk in another way.
  • Terminate the risk - some risks will only be treatable, or containable to certain levels, by terminating the activity.
  • Treat the risk - controlling the risk (build control into the operational process)
  • Share the risk with another party
  • Avoiding the risk in other ways

Copyright Kent County Council 2009