UNDERSTAND THE FORMULA of RISK = A + T + V = R
While it might be unreasonable to expect those outside the RISK industry to understand RISK MANAGEMENT, regulators want the Board of directors, senior managers, compliance officers, and employees to UNDERSTAND RISK.
To help you, Comsure has the following key pointers
- Risk – is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
- Risk - is the intersection of assets, threats, and vulnerabilities.
- Risk - is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets.
Accurately assessing threats and identifying vulnerabilities is critical to understanding the risk to assets.
When conducting a risk assessment, the formula used to determine risk is as follows:
- A + T + V = R
- Asset + Threat + Vulnerability = Risk.
You must understand the difference between these terms? If you don't understand the difference, you'll never understand the actual risk to assets.
- An asset is what we're trying to protect:
- Asset – People, property, and information.
- People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value.
- Intangible assets include reputation and proprietary information.
- Information may include databases, software code, critical company records, and many other intangible items.
2. A threat is what we're trying to protect the asset against.
- Anything that can exploit a vulnerability, intentionally or accidentally,
- The threat will obtain, damage, or destroy an asset.
3. A vulnerability is a weakness or gap in our protection efforts.
- Weaknesses or gaps in operations and a governance, risk and compliance program can be exploited by threats to compromise an asset.
To learn more and find out how Comsure can assist you with your business risk assessments, including AML
Mathew Beale - Chartered FCSI
Principal (Director) - Comsure Compliance Limited, Comsure Technology Limited (the "Comsure Group of Companies")
No 1 Bond Street Chambers, St Helier, Jersey, Channel Islands, JE2 3NP
Direct Tel: +44 (0) 1534 626841 - Mobile Tel: +44 (0) 7797 747 490 - Skype: comsurecompliance