Course: A0214 / Information Systems Audit
Year: 2007
Session 21-22
ASSESSING RISK IN IT OPERATIONS
Bina Nusantara
RISK ASSESSMENT
• Recognizing the exposures to loss by becoming aware of the possibility of each type of loss. This is a basic function that must precede all others.
• Estimating the frequency and size of loss by determining its probability from various sources.
• Deciding the best and most economical method of managing the risk of loss, whether it is by assumption, avoidance, self-insurance, reduction of hazards, transfer, commercial insurance, or a combination of these methods.
• Administering the programs of risk management, including the tasks of constant reevaluation of the programs and record keeping.
[Figure: Structure of Risk Analysis. Flowchart; recoverable node labels: Possibility of Loss Recognized; Investigation of Facts; Size of Maximum Possible Loss (Not Severe / Severe); Assume Risk; Analysis of Hazards; Loss Control; Recognition of Hazards; Size of Maximum Possible Loss Determined (Not Severe / Severe); Reserve Fund; Captive Insurer Insures; Transfer to Others; Commercial Insurance; Diversification of Loss Exposure; Captive Insurer Reinsures; Captive Insurer Reinsurance.]
Risk Categorized
• Critical
• Important
• Unimportant
Risk Managed
• Avoidance
• Prevention
• Reduction
• Transfer
• Retention
A key question to ask when choosing a technique
• Avoidance
– Is it impossible to avoid?
– Is it impractical to avoid?
– Is it too expensive to avoid?
– Is it too time-consuming to avoid?
• Prevention
– Are there any direct countermeasures to prevent the risk from occurring?
– Are they cost effective?
– Do they have beneficial side effects?
– Do they have adverse side effects?
A key question to ask when choosing a technique
• Reduction:
– Are there any direct countermeasures to reduce the risk?
– Are they cost effective?
– Do they reduce the loss occurrence?
– Will other risks be reduced as well?
– Do they have beneficial side effects?
– Do they have adverse side effects?
A key question to ask when choosing a technique
• Transfer:
– By insurance?
– By contractual agreement?
– By other means?
– Are there other benefits?
– Can the risk be best dealt with by a combination of controls?
– Can it be partially reduced and partially transferred?
– What are the benefits of each method?