Call Us: US - +1 845 478 5244 | UK - +44 20 7193 7850 | AUS - +61 2 8005 4826

information risks as good example of the rapidly changing business environment.

Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized.

Thus, there have been several theories and attempts to quantify risks.

Numerous different risk formula exists but perhaps the most widely accepted formula for risk quantification is the rate of occurrence multiplied by the impact of the event.

In business, it is imperative to be it’s to present the findings of risk assessments in financial terms. Robert Courtney Jr. (IBM. 1970) proposed a formula for presenting risks in financial terms.

The Courtney formula was accepted as the official risk analysis method of the US governmental agencies.

The formula proposes calculation of ALE (Annualized Less Expectancy) and compares the expected loss value to the security control implementation costs (Cost-Benefit Analysis).

  1. Potential Risk Treatments
    Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories;

Risk Transfer: Risk Transfer means that the expected party transfers whole or part of the losses consequential o risk exposure to another party for a cost. The insurance contracts fundamentally involve risk transfers. Apart from the insurance device, there are certain other techniques by which the risk may be transferred.
Risk Avoidance: Avoid the risk or the circumstances which may lead to losses in another way, Includes not performing an activity that could carry risk. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning the profits.
Risk Retention: Risk retention implies that the losses arising due to a risk exposure shall be retained or assumed by the party or the organization. Risk retention is generally a deliberate decision for business organizations inherited with the following characteristics. Self-insurance and Captive insurance are the two methods of retention.
Risk Control: Risk can be controlled either by avoidance or by controlling losses. Avoidance implies that either a certain loss exposure is not acquired or an existing one is abandoned. Loss control can be exercised in two ways.