Final Irm Ppt

8/2/2019 Final Irm Ppt

1/32

Prepared By :

Amit Gupta

Bharti Gupta

Vaibhav Purang


2/32

Detriment, disadvantage, or deprivation fromfailure to keep, have, or get: to bear the loss

of a robbery The state of being deprived of or of being

without something that one has had.


3/32

Loss is caused by the operation of perils causes for the losses

Perils- such as fire, explosion etc

Human factors- such as negligence,carelessness, inadequate training,inadequate supervision etc.

Inadequate maintenance

Failure of Plant/ machinery due tobreakdowns

Natural perils such as flood, cyclone,earthquake, landslide etc


4/32

The loss potential ( extent of loss) dependson HAZARD

conditions which are favourable for theincident to assume large proportions

More the potential severe will be the extent ofloss

PERIL ( CAUSE)----------------LOSS(EFFECT)(Fire) HAZARD

(Crackers)


5/32

Property losses

Losses to human resources

Liability losses Loss from external economic forces


6/32

Drop in Family Earnings

Medical Expenses

Personal Liability


7/32

Risks are internal & external events (economicconditions, staffing changes, new systems,regulatory changes, natural disasters, etc.)

that threaten the accomplishment of objectives.

Risk assessment is the process of identifying,evaluating, and deciding how to manage theseevents

What is the likelihood of the event occurring? What would be the impact if it were to occur?

What can we do to prevent or reduce the risk?

7


8/32

Determine where the risk of loss lie for thecompany

Discover every possible risk factor that may

be associate with Own activities of the organisation

Political, social, legal and physical environmentin which it operates


9/32

Loss/Risk

Identification

Risk PerceptionExposure

Analysis/Identificationof Peril


10/32

No single method can reveal all the losses

Select the most promising method within the

budget constraints Risk identification must be an ongoing process


11/32

Reveals various facts about:

Nature and extent of the organisationactivities

Inter-dependencies between various parts ofthe organisation

Breakdown of organisation into cost centresto take risk financing decisions

People participating in risk handling decisions

Any organisational weaknesses


12/32

Data required for valuation of assets

Data for quantifying inter-dependencies

Details of financial arrangement Past costs of losses


13/32

Other Records

After sales servicing records pointing dangerousdefects in products.

Flow Charts

Pinpoint potential bottlenecks Reveal vulnerability of the business to risk


14/32

Developed by economists for tracing the flowof good and services through economy and toidentify:

Contribution of an organisation to totalearnings

Exposure of an organisation to risks ofdisruption of its business


15/32

Check Lists

Peril or hazard is considered in relationship to

the business operations

Threat Analysis

Compile list of threats to the business


16/32

Hazard and Operability Study

Examine the whole process to identify potentialdeviations, their causes & possible consequences

Fault Tree Analysis

Examine causal relationship between the failureof some sub-system

Assist in calculating the probability of the lossproducing event


17/32

Five Steps include:1. Assign Values to Assets:2. Determine Loss due to Threats & Vulnerabilities

Confidentiality, Integrity, Availability

3. Estimate Likelihood of Exploitation Weekly, monthly, 1 year, 10 years?

4. Compute Expected Loss Loss = Downtime + Recovery + Liability + Replacement Risk Exposure = ProbabilityOfVulnerability * $Loss

5. Treat Risk Survey & Select New Controls Reduce, Transfer, Avoid or Accept Risk


18/32

Identify & Determine Value of Assets Assets include:

IT-Related: Information/data, hardware, software,services, documents, personnel

Other: Buildings, inventory, cash, reputation, sales

opportunities What is the value of this asset to the company? How much of our income can we attribute to this

asset? How much would it cost to recover this? How much liability would we be subject to if the

asset were compromised?


19/32

Sales

Product A

Product B

Product C

Risk: Replacement Cost=Cost of loss of integrity=Cost of loss of availability=Cost of loss of confidentiality=

Risk: Replacement Cost=Cost of loss of integrity=Cost of loss of availability=

Cost of loss of confidentiality=

Risk: Replacement Cost=

Cost of loss of integrity=Cost of loss of availability=Cost of loss of confidentiality=

Tangible $ Intangible: High/Med/Low

Costs


20/32

Natural: Flood, fire, cyclones,rain/hail/snow, plagues andearthquakes

Unintentional: Fire, water,building damage/collapse, lossof utility services, andequipment failure

Intentional: Fire, water, theft

Intentional, non-physical:

Fraud, hacking, identity theft,malicious code, socialengineering, phishing, denialof service


21/32

SystemVulnerabilities

Behavioral:Disgruntled employee,

uncontrolled processes,poor network design,improperly configured

equipment

Misinterpretation:Poorly-defined

procedures,employee error,Insufficient staff,

Inadequate mgmt,Inadequate compliance

enforcement

CodingProblems:

Security ignorance,poorly-definedrequirements,

defective software,unprotected

communication

PhysicalVulnerabilities:

Fire, flood,negligence, theft,kicked terminals,no redundancy


22/32

Best sources:Past experienceSpecialists and expert adviceMarket research & analysisExperiments & prototypesIf no good numbers emerge, estimates can

be used, if management is notified ofguesswork


23/32

Qualitative: Prioritizes risks so that highestrisks can be addressed first

Based on judgment, intuition, and

experienceMay factor in reputation, goodwill,

nontangibles

Quantitative: Measures approximate costof impact in financial terms

Semiquantitative: Combination ofQualitative & Quantitative techniques


24/32


25/32

Loss Control refers to efforts that reduce

expected losses. For e.g. Air Bags in Cars.

It usually involves investment of resources(Funds, Efforts or Time)

Considerations for optimal level of loss

control:

BENEFITS i.e. lower expected losses

COSTS i.e. loss control activities


26/32

Loss Prevention

Loss Avoidance

Loss Reduction


27/32

Carrying out of numerous activities that

minimize expected losses by reducing the

frequency of losses (loss prevention).

For e.g.

Family building a fence around their yard to

protect their child, OR

Manufacturing of safer products by

businesses.


28/32

Completely avoiding the activity that

potentially gives rise to the loss.

It leads to the sacrifice of benefits from theactivity that gave rise to the potential loss.

For e.g. in 1980s, many small airplanemanufacturers went out of business to

avoid law suits.


29/32

It can be done in two ways:

Pre-Loss Activities , which decrease the

magnitude of a loss if one occurs. For e.g.

investment in Fire Extinguishers reduces

magnitude of loss by fire, but it cant prevent it.

Post-Loss Activities, which occur subsequent toan event that causes a loss. For e.g. placing

plywood over windows that were broken in a

storm can reduce subsequent water damage

and theft losses.


30/32

CATASTROPHE PLANNING

A type of Pre-Loss reduction activity to reducethe magnitude of losses, both

Natural- Hurricanes, Earthquakes, Tsunamis etc

Man MadeNuclear Accidents, Chemical Spillsetc

Local, State and Federal Governments, as well asmany Organizations have detailed plans ofevacuation, medical treatment, power restorationand cleanup.


31/32

In situations where premiums accurately

reflect loss control activities, insurance

coverage can reduce moral hazards.

For e.g. a restaurant will have greater

incentive to install flooring material that

reduces slips and falls, if its insurance

premiums are reduced following installation

of new flooring.


32/32

THANK YOU

Date post:	06-Apr-2018
Category:	Documents
Upload:	bharti-gupta
View:	224 times
Download:	0 times

Final Irm Ppt

Documents