List the causes of each risk and the impacts if they happen
Making these lists helps to give your risk assessment team a clear view of the risks facing your organisation.
Causes of risks
Putting all of the causes together in a list, separate from the risk scenarios, gives another angle for seeing where risks to your organisation’s information system are coming from.
Impacts of the risks happening
Putting all of the impacts together, separate from the risk scenarios, gives a clear overview of the negative consequences your organisation faces with its information system’s risks.
For clarity across stakeholders, state the impacts in business terms — not technical terms.
Utility links and page information