Basic Components of Risk
- Risk is the possibility that something of value will suffer harm or loss. The definition includes two components:
  - The Probability that a harmful event will occur.
    - Probability is the likelihood that an organization will suffer harm from the failure of a person, process or system or from an external event. Probability is a function of
  - The amount of loss, or Cost, that will result from the event.
    - Cost (also referred to as Impact, Financial Exposure, Criticality or Importance) is the amount of losses an organization would potentially suffer from a negative or harmful event.
    - As used in the Simple Risk Model, the calculation of Cost is based on the Annualized Loss Expectancy (ALE): the estimated losses that a process will incur in a single event multiplied by the estimate of the number of times such an event will occur in a year.