Created by the Security Executive Council
Understanding the nature and scope of security-related risk is a basic expectation of a corporate security program and those engaged in asset protection. The risk assessment process provides for a critical evaluation of mitigation programs.
The template that follows was designed to assist security leaders in ranking risk and mitigation priorities, which is one fundamental part of a comprehensive risk management strategy.
This example includes a sampling of 6 out of 27 evaluative factors for consideration by a review team. Note that the ranking process only works when the reviewers are totally honest about their findings. The template includes a column for notes on alternative strategies and cost, and a space to engage site management on risk exposure and risk acceptance after the ranking is complete.
Ultimately the risk assessment process is about aligning Security with the needs of the organization.