
Prepared By : Amit Gupta Bharti Gupta Vaibhav Purang

- Detriment, disadvantage, or deprivation from failure to keep, have, or get: to bear the loss of a robbery.
- The state of being deprived of or of being without something that one has had.

Loss is caused by the operation of perils.

Causes of losses:
- Perils, such as fire, explosion, etc.
- Human factors, such as negligence, carelessness, inadequate training, inadequate supervision, etc.
- Inadequate maintenance
- Failure of plant/machinery due to breakdowns
- Natural perils, such as flood, cyclone, earthquake, landslide, etc.

The loss potential (extent of loss) depends on HAZARD: conditions which are favourable for the incident to assume large proportions. The greater the potential, the more severe will be the extent of loss.

PERIL (CAUSE) (Fire) ---------------- LOSS (EFFECT)
HAZARD (Crackers)

- Property losses
- Losses to human resources
- Liability losses
- Loss from external economic forces

- Drop in family earnings
- Medical expenses
- Personal liability

Risks are internal & external events (economic conditions, staffing changes, new systems, regulatory changes, natural disasters, etc.) that threaten the accomplishment of objectives. Risk assessment is the process of identifying, evaluating, and deciding how to manage these events.

- What is the likelihood of the event occurring?
- What would be the impact if it were to occur?
- What can we do to prevent or reduce the risk?

- Determine where the risks of loss lie for the company
- Discover every possible risk factor that may be associated with:
  - Own activities of the organisation
  - Political, social, legal and physical environment in which it operates

Loss/Risk Identification
- Risk Perception
- Exposure Analysis/Identification of Peril

- No single method can reveal all the losses
- Select the most promising method within the budget constraints
- Risk identification must be an ongoing process

Reveals various facts about:
- Nature and extent of the organisation's activities
- Inter-dependencies between various parts of the organisation
- Breakdown of the organisation into cost centres to take risk financing decisions
- People participating in risk handling decisions
- Any organisational weaknesses

- Data required for valuation of assets
- Data for quantifying inter-dependencies
- Details of financial arrangement
- Past costs of losses

Other Records
- After-sales servicing records pointing to dangerous defects in products

Flow Charts
- Pinpoint potential bottlenecks
- Reveal vulnerability of the business to risk

Developed by economists for tracing the flow of goods and services through the economy and to identify:
- Contribution of an organisation to total earnings
- Exposure of an organisation to risks of disruption of its business

Check Lists
- Peril or hazard is considered in relationship to the business operations

Threat Analysis
- Compile list of threats to the business

Hazard and Operability Study
- Examine the whole process to identify potential deviations, their causes & possible consequences

Fault Tree Analysis
- Examine causal relationship between the failure of some sub-system
- Assist in calculating the probability of the loss producing event

Five Steps include:
1. Assign Values to Assets
2. Determine Loss due to Threats & Vulnerabilities
   - Confidentiality, Integrity, Availability
3. Estimate Likelihood of Exploitation
   - Weekly, monthly, 1 year, 10 years?
4. Compute Expected Loss
   - Loss = Downtime + Recovery + Liability + Replacement
   - Risk Exposure = ProbabilityOfVulnerability * $Loss
5. Treat Risk
   - Survey & Select New Controls
   - Reduce, Transfer, Avoid or Accept Risk
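The expected-loss formulas above, applied to a small risk register and used to rank risks and test whether a control pays for itself. This is an added example, not part of the original slides; the risk names, dollar figures and the conversion of the "weekly, monthly, 1 year, 10 years" likelihood bands into events per year are assumptions made for illustration.

```python
from dataclasses import dataclass

# Step 3: likelihood bands from the slide as events per year (assumed conversion).
EVENTS_PER_YEAR = {"weekly": 52.0, "monthly": 12.0, "1 year": 1.0, "10 years": 0.1}

@dataclass
class Risk:
    name: str
    likelihood: str       # one of the EVENTS_PER_YEAR keys
    downtime: float       # $ per event
    recovery: float       # $ per event
    liability: float      # $ per event
    replacement: float    # $ per event

    def loss(self) -> float:
        # Step 4: Loss = Downtime + Recovery + Liability + Replacement
        return self.downtime + self.recovery + self.liability + self.replacement

    def exposure(self) -> float:
        # Step 4: Risk Exposure = likelihood * $Loss, expressed per year
        return EVENTS_PER_YEAR[self.likelihood] * self.loss()

def rank(risks):
    """Order risks by yearly exposure, highest first, so they can be treated in turn."""
    return sorted(risks, key=lambda r: r.exposure(), reverse=True)

def control_is_worthwhile(before: Risk, after: Risk, annual_cost: float) -> bool:
    """Step 5: a control pays off when the exposure it removes exceeds its yearly cost."""
    return before.exposure() - after.exposure() > annual_cost

# Constructed sample register; every figure is invented for the example.
REGISTER = [
    Risk("Ransomware on file server", "10 years", 40_000, 25_000, 100_000, 5_000),
    Risk("Laptop theft", "monthly", 500, 1_000, 0, 1_500),
    Risk("Phishing credential reset", "weekly", 100, 150, 0, 0),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.name:28s} loss/event ${r.loss():>9,.0f}  exposure/yr ${r.exposure():>9,.0f}")
```

With these figures the frequent, cheap events outrank the rare, expensive one, which is why likelihood and loss have to be estimated separately before risks are prioritized.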

Identify & Determine Value of Assets

Assets include:
- IT-Related: Information/data, hardware, software, services, documents, personnel
- Other: Buildings, inventory, cash, reputation, sales opportunities

- What is the value of this asset to the company?
- How much of our income can we attribute to this asset?
- How much would it cost to recover this?
- How much liability would we be subject to if the asset were compromised?

Costs, Sales
Tangible $
Intangible: High/Med/Low

Product A
- Risk:
- Replacement Cost=
- Cost of loss of integrity=
- Cost of loss of availability=
- Cost of loss of confidentiality=

Product B
- Risk:
- Replacement Cost=
- Cost of loss of integrity=
- Cost of loss of availability=
- Cost of loss of confidentiality=

Product C
- Risk:
- Replacement Cost=
- Cost of loss of integrity=
- Cost of loss of availability=
- Cost of loss of confidentiality=

- Natural: Flood, fire, cyclones, rain/hail/snow, plagues and earthquakes
- Unintentional: Fire, water, building damage/collapse, loss of utility services, and equipment failure
- Intentional: Fire, water, theft
- Intentional, non-physical: Fraud, hacking, identity theft, malicious code, social engineering, phishing, denial of service

System Vulnerabilities

Misinterpretation:
Poorly-defined procedures, employee error, insufficient staff, inadequate mgmt, inadequate compliance enforcement

Behavioral:
Disgruntled employee, uncontrolled processes, poor network design, improperly configured equipment

Coding Problems:
Security ignorance, poorly-defined requirements, defective software, unprotected communication

Physical Vulnerabilities:
Fire, flood, negligence, theft, kicked terminals, no redundancy

Best sources:
- Past experience
- Specialists and expert advice
- Market research & analysis
- Experiments & prototypes
- If no good numbers emerge, estimates can be used, if management is notified of guesswork

Qualitative:
- Prioritizes risks so that highest risks can be addressed first
- Based on judgment, intuition, and experience
- May factor in reputation, goodwill, nontangibles

Quantitative:
- Measures approximate cost of impact in financial terms

Semiquantitative:
- Combination of Qualitative & Quantitative techniques

- Loss Control refers to efforts that reduce expected losses. For e.g. Air Bags in Cars.
- It usually involves investment of resources (Funds, Efforts or Time).

Considerations for optimal level of loss control:
- BENEFITS i.e. lower expected losses
- COSTS i.e. loss control activities

- Loss Prevention
- Loss Avoidance
- Loss Reduction

- Carrying out of numerous activities that minimize expected losses by reducing the frequency of losses (loss prevention).
- For e.g. Family building a fence around their yard to protect their child, OR Manufacturing of safer products by businesses.

- Completely avoiding the activity that potentially gives rise to the loss.
- It leads to the sacrifice of benefits from the activity that gave rise to the potential loss.
- For e.g. in 1980s, many small airplane manufacturers went out of business to avoid law suits.

It can be done in two ways:

- Pre-Loss Activities, which decrease the magnitude of a loss if one occurs. For e.g. investment in Fire Extinguishers reduces magnitude of loss by fire, but it cannot prevent it.
- Post-Loss Activities, which occur subsequent to an event that causes a loss. For e.g. placing plywood over windows that were broken in a storm can reduce subsequent water damage and theft losses.

CATASTROPHE PLANNING
- A type of Pre-Loss reduction activity to reduce the magnitude of losses, both:
  - Natural: Hurricanes, Earthquakes, Tsunamis etc.
  - Man Made: Nuclear Accidents, Chemical Spills etc.
- Local, State and Federal Governments, as well as many Organizations have detailed plans of evacuation, medical treatment, power restoration and cleanup.

- In situations where premiums accurately reflect loss control activities, insurance coverage can reduce moral hazards.
- For e.g. a restaurant will have greater incentive to install flooring material that reduces slips and falls, if its insurance premiums are reduced following installation of new flooring.

THANK YOU
