Strengths And Limitations Of Risk Assessment Information Technology Essay

The destructive impact of recent natural disasters on many regions of the world has brought into focus the need for proper risk assessment, planning, preparedness and the implementation of early warning systems. The great earthquake and tsunami of December 26 2004 near Sumatra affected 13 countries bordering the Indian Ocean and was responsible for the deaths of more than 250,000 people. The great earthquake of 28 March 2005 in the same general area caused additional devastation. The hurricanes of 2005, and Katrina in particular, destroyed the city of New Orleans and other well-developed communities in the Gulf of Texas. The great earthquake of October 8, 2005 in Northern Pakistan and Kashmir was a reminder of the degree of devastation and human suffering disasters can cause.

Regrettably, disasters such as these occurred in regions known to be vulnerable but where not proper risk assessment studies had been made and no adequate plans for preparedness or mitigation existed. If such studies had been properly made and plans were in place, the death toll and destruction would have been minimized

Unequivocally, disaster mitigation requires accurate and expeditious assessment of all potential risks, the issuance of prompt warnings, and programs of preparedness that will assure warning effectiveness and public safety. The methodology for assessing the potential risks that threaten each region of the world requires adequate understanding of the physics of each type of disaster, a good and expeditious collection of historical data of past events, and an accurate interpretation of this data as to what future impact will be. Since each type of disaster results from different sources, the risk assessment methodology will vary accordingly.

Because of the extensive and specialized nature of disasters, it is outside the scope of the present report to provide a detailed analysis of how all risks are determined for planning, zoning, construction or evacuation purposes. Each disaster requires separate treatment and analysis. The construction of important critical structures, such as nuclear power plants, requires the adaptation of very conservative design criteria. This report provides only a brief overview of general principles that apply to the risk assessment of all types of disasters. In the present report, disasters are examined from a fundamental perspective, with emphasis on general techniques that must be used in assessing risks, with emphasis on mitigation, preparedness and public education.

Strengths and limitations of risk assessment

Risk assessment refers to an organized and systematic procedure dependent on the reliable identification of possible hazards and a relevant or appropriate assessment of the risks .Such risks arise with the intention of making comparisons in order to control and avoid them. The need to conduct a risk assessment in any organization is very paramount since it is the prior step when it comes to solving risks. There is need for security consciousness therefore proper security measures must always be adopted, developed and implemented based on relevant risk and vulnerability assessment of any given situation at any given time.

Risk assessment has several uses such as being used as assessment of single site risk, assessment of group site risk for more investigation, derivation of real value for a certain site, derivation of generic guidelines relative to specific media, balancing of benefits and risks, considering long term legality, and being used as a tool to prioritize on the impacts of risks based on their significance. The mitigation of possible impacts will result in minimizing the potentiality of a threat or risk and increased security in the organization. Risk assessment always provides the most significant single framework for either strategic or tactical decision making in all organizations.

Before conducting any risk assessment, it is imperative to understand the current laws, regulations, and mandates that may be driving organizations to put in place and implement security plans or conduct vulnerability assessments.

Mitigation of risks from natural or technological hazards

The risk assessment is always the basic primary tool required in measuring and evaluation of the economic impact, potential loss of life, property damage, loss of property and personal injury, resulting from natural or technological hazards.

This process is always based on three processes: Identification of potential Hazards, Evaluation of potential hazardous events, and estimation of losses. The three processes need to be done keenly to enhance accuracy of the task being carried out so as to ensure that risks are assessed properly hence reduction of losses resulting from such perils or hazards.

Natural hazards assessment and their mitigation must be always included in any development planning work or in the identification of serious investment projects that makes economic sense. It is taken as o prior task since their can be no development without taking care of the risks which might occur. By not considering the natural hazards and mitigation the resources to curb the risks might not be sufficient during the time of need leading to stoppage or reduction in economic development. The efforts aimed at assessing risks always consume both technical and financial resources. Concerning technical resources; skilled personnel such as technicians, engineers, meteorologists among others are employed. Financial resources will be required to pay labor, buy materials, and paying for other services. Therefore, natural or technological hazards assessment must include a way for estimation of the benefits and costs to the project and the economy. Total costs will be calculated and then subtracted from total benefits to see whether the projects are viable or not viable before they are taken as business opportunities.

The strategies and methods of managing risks include limiting the negative effect of a risk, transfer of the risk to another place or party such as insurance companies and banks which is done by insuring property or storing money or other properties in the bank , avoiding the risk, and acceptance of the consequences of a given risk.

Strengths of risk assessment

It is always important for any organization to implement a risk assessment policy in their business. The assessment procedures are intended to help them keep track of the important basic sources that may hamper the well-being and health of the workers or employees of the organization. (Hardin, 2010) It is also significant for the staff in charge of the assessment program, to perform a thorough research of the main sources and reasons for natural or technological hazards.

The strengths and advantages of carrying out risk assessment as a way of mitigating natural or technological hazards outweigh the usually perceived bureaucracy and they can be used in many different ways. For example, demonstrate that the organization or the company is actually identifying and assessing or controlling risks, reinforcing the possible need for financial expenditure to be set aside for controlling the risks since risks occur accidentally thus need for putting aside money for emergencies. Reduction of management’s time during occasional and periodic reviews of risks to ensure risks are analyzed properly .It is also vital that identification of potential unsafe or dangerous behaviors when implementing behavioral safety initiatives is observed keenly.

In general, the advantages of risk assessment can be broadly categorized into the following:

Justification of costs

An additional security and mitigation measure always requires additional expenditure. This does not generate income and must always be properly justified in monetary terms. The Risk assessment and analysis process must automatically and directly generate justification for natural or technological hazards mitigation recommendations.

Review of savings and productivity auditing

A risk assessment programme can be utilized so as to enhance and improve the productivity of the natural or technological hazards mitigation or audit team. By making a proper review structure and using “self-analysis” features, more meaningful use of time is very possible.

Consistency

A major significant benefit of the risk assessment and analysis is that it always brings out an objective and consistent approach to all technological hazards mitigation reviews. This is applicable in different applications, but and types of organizations or business system.

Communication

During the process of sourcing of information from various parts of a company or a business unit, a risk analysis and assessment helps in communication and aids decision making. The risk assessment program is always a legal requirement or obligation before downward communication, upward communication or vertical communication is used in any organization. It must work for the good and benefit of all workers, employees, the top management and the company as a whole since effective communication will result when risks are analyzed and assessed before making decisions in an organization as it will lead to emergence of a planned communication.

Limitations of risk assessment

Risk assessment is just one way of making important decisions, but it may not be the only way or the best way either. One of the major concerns in any traditional risk and vulnerability assessment program is that it does not always take into consideration the big picture of the expected risk since risks are just noted down without considering the extent which will lead to proper preparedness for the expected risk. Some aspects of many of risk assessment programmes have come under sharp criticism for lack of measurable improvement on the risk. When the focus is narrowed only on the assessment results, organizations can sometimes fail to understand the real extent of their risk which is dangerous to the organization as it can lead to closure of business or company due to huge losses resulting from unexpected huge risks.

Risk assessment plans are not always integrated with Enterprise vulnerability and risk Management Plans. Some risks require to be managed together with other organization risks. Unfortunately, this is not always the case as risk assessments are often not conducted outside the scope of the organization’s enterprise risk management policy. This may mean the results might not reach the top leadership or authority and may not get the tools required to mitigate the risks effectively since the affected will be a single organization or an individual making the authority concerned to be reluctant when it comes to risk management. Risk assessment is failing by not assessing the risks involved in similar organizations as a whole.

Overlooking Paper Assets is another important weakness of risk assessment plans. Organizations and companies more often focus on electronic or digital assets that they ignore risks associated to paper repositories. For example in a bank, paper documents or files like customer records for loans may never be seen as part of the risk assessment. Consequently, mitigating measures are not always established to indicate when such paper records or documents are tampered with, lost or destroyed.  This may lead to a breach of security in the company without any one knowing it happened. Paper assets are seen as though they are not that important as compared to digital assets since they are seen as valueless and yet they might be very important leading to failure in assessment of risks.

Over focusing on control, measures instead of the potential business risk can be considered another limitation. Quite often people tend to think risk assessments are measuring risk, but in reality are only reviewing the possible risk control measures. Risk assessments occasionally follow specific checklists and without a clear understanding of your vulnerabilities, knowledge of the results of a natural or technological hazard risk assessment is not sufficient. It is important to study first how the vulnerabilities and threats come together producing a risk. Leaving the threats and vulnerabilities and focusing on the risk is the beginning of failure by many businesses since it is unconsidered vulnerabilities that will result to a risk; this has lead to big failure of risk assessment.

Risk assessments can also lead to spending on an unnecessary technology. Since natural or technological hazard risk assessment tend to focus on some specific gaps for example in information technology controls, many organizations are forced into investing on irrelevant technology when trying to fix problems or threats that could be better addressed with just process changes. Companies and organizations may sometimes assume that buying a new technology will always provide better mitigation for all the risks.However, the organizations processes should always be optimized before any attempt to purchase or invest in a technology tool as a supplement. For example, separation of database operations roles and development creates a natural control that requires two people to help subvert it. Process solutions can therefore be better than investing and purchasing of complex or expensive technology for database changes monitoring.

Finally, stating risks with no consideration to their possible business Impact can be a serious limitation of the risk assessment procedures. Many risks can be stated and the company made aware of such risks but by not considering the damage which can be caused by such risks is as good as not listing the risks as the plans on how to compensate the risk cannot be done without knowing the extent of expected risk so as to plan for it. Business leaders and managers tend to focus on actively growing shareholder value. Natural or technological hazard risk assessments are presented often without a fiscal impact and they may not be taken seriously. This always occurs since the impact in monetary terms may not be clear. Failing to properly translate the natural or technological hazard risk assessments results into those terms will ultimately hinder anyone’s ability to gain the sufficient resources to address them.

Conclusion

In conclusion, the paper ahs discussed in details the pros and cons of Risk assessment as a tool for prioritizing