5. Understanding Risk: Impact, Likelihood and Risk Response

To align with CSFaaS's methodology, this section provides an explanation of the predefined Impact Levels, Likelihood Levels, and Risk Response Options used in the application. These elements form the foundation of risk assessment and response strategies, ensuring consistency and alignment with international standards.

While these settings are fixed within the CSFaaS application, understanding them is essential for consistent and effective risk management. By using the predefined scales and strategies, your organisation can maintain alignment with industry standards and ensure a unified approach to assessing and addressing risks.

1. Impact Levels and Likelihood Levels

CSFaaS uses a fixed scale for Impact Levels and Likelihood Levels to ensure standardised and consistent risk evaluations:

Impact Levels

Impact levels measure the severity of potential consequences that risks may have on your organisation.

  • Very Low: Minimal impact.
  • Low: Minor impact.
  • Moderate: Noticeable impact.
  • High: Significant impact.
  • Very High: Severe impact.

Likelihood Levels

Likelihood levels assess the probability of a risk occurring, keeping the focus on the most probable risks.

  • Very Low: Rare occurrence.
  • Low: Unlikely occurrence.
  • Moderate: Possible occurrence.
  • High: Likely occurrence.
  • Very High: Almost certain occurrence.

These predefined levels ensure consistent assessments across your organisation.

Best Practices

  • Use the fixed criteria as a shared reference point for all departments and teams to maintain uniformity in risk assessments.
  • Ensure that stakeholders understand the predefined definitions to facilitate consistent evaluations across the organisation.

2. Risk Response Options

CSFaaS incorporates the following predefined Risk Response Strategies, which guide how risks are addressed within the platform:

Risk Mitigation

Reduce the likelihood or impact of risks through proactive measures, such as implementing additional controls or refining processes.

Risk Avoidance

Eliminate risks entirely by discontinuing the activities or processes that introduce them.

Risk Acceptance

Acknowledge the risk without further action when it falls within acceptable levels of tolerance.

Risk Transfer

Shift the risk to a third party, such as through insurance or outsourcing agreements.

These response options are embedded in the Risk Response Options catalog, providing a structured approach to managing risks in alignment with your organisation’s strategic objectives.