Literature Review On Risk Assessment Framework In An Essay.

Introduction to Risk Assessment

Risk Assessment refers to the process of identifying the potential hazards and determining the impact if such hazard occurs (Gerba 2019). The scope of risk assessment is very wide as it is required in almost all form of economic activities. The risk assessment for business involves determination of the potential impact of critical business processes and the interruption of time sensitivity. The process of risk assessment generally comprises of four parts, namely, problem identification, problem characterization, assessment of exposure and the characterization of risk (Shedden et al. 2016).

Risk Assessment Framework refers to the strategy for sharing and prioritizing information about the risks associated with the security to the information technology infrastructure (Zio 2018). The framework should be such that the technical as well as non-technical personnel could understand the perimeter of risks. The RAF or Risk Assessment Framework, varies from business to business and industry to industry. The RAF serves the basis for understanding and evaluating the security risks that prevails within an organization.

This report will focus on providing the literature review on the selected topic, that is, ‘Risk Assessment Framework’. Several previous works have been considered for understanding the application of risk assessment framework in different businesses and industries.

Gouin et al. (2019), studies the development and application of environmental risk assessment framework for microplastic. The authors identify that the emissions of plastic ways in the open environment is causing potential impact on the biological organism, which is of serious concern for the society. The paper summarizes the views of multi-stakeholder’s discussion for proposing the conceptual environment risk assessment framework for microplastic particles. The authors suggested the risk assessment framework for microplastic environment based on the characterization of relationship between the predicted no-effect concentration and predicted-environmental concentration. The risk assessment framework proposed by the researchers requires series of actions, which include characterization of physiochemical properties and the predicted environmental concentration. The characterization of physiochemical properties is done through categorizing them into size, shape, surface properties, chemical properties, porosity and density. The next step in the framework is to understand the environment exposure assessment. The potential impact of microplastic waste have been identified such as aggregation, degradation, sedimentation, agglomeration, bioaccumulation and others. The next part of the framework is to the development and standardization of effect studies comprising of internal as well as external physical effects. After analyzing the environmental concentration, the risk assessment should be performed according to the proposed framework. The paper concludes that the development of Environmental Risk assessment framework requires collaboration of various stakeholders.

According to the study conducted by Torabi, Giahi and Sahebjamnia (2016), the use of enhanced risk assessment framework can be helpful in effectively handling the risk assessment and the management process within the organization that implement BCMS or business continuity management system. The researchers identify that business organizations are exposed to several risks such as disruptions caused by natural disasters and cyber-attacks. In order to run smoothly, the businesses need to implement a strong and effective risk management system. The paper suggests that the business continuity management framework is one of the most recent risk management frameworks. It would help in identifying and improving the organization’s resilience so that they could cope with the identified risks efficiently and effectively. The proposed framework provided by the authors is a four-step framework which include identifying, analyzing, evaluating and responding to risks. The author uses a case study to understand the effectiveness of the proposed framework and concluded that it could help in handling the risk management process under BCMS in an organization.

Risk Assessment Framework for Business

Islam et al. (2016), had proposed the risk assessment framework for automobile embedded systems. The authors identify that the automotive industry is shifting towards connected and autonomous vehicles. The increase in the complexity in vehicles introduces new threats and security risks. The proposed framework involves analysis of threats to identify the assets and its impact to other assets. Under this framework, the process of risk assessment includes estimation of impact level and the threat level. It is basically the modified framework which is based on existing methodologies and standards. This framework requires assessment of security level for understanding the high-level security requirements. The alignment with the existing processes and standards makes it appropriate for fulfilling the changing needs in the automobile industry.

Another study conducted by Dong and Cooper (2016) focuses on the development of risk assessment framework for risks in supply. Researchers and managers have identified that the success of business is dependent on the assessment and management of risks. The authors claimed that the traditional methodologies for risk assessment framework does not consider the intangible aspects of the business, which is one of the crucial factor for the business success. the authors have developed AHP supply chain risk assessment model, which enables the comparison of tangible and intangible elements that have the potential to impact the supply chain. The framework proposed by the authors include risk identification, assessment, ranking and analysis. The paper concluded that the supply chain risk management are key to the success of the company. The proposed framework offers many advantages over the traditional method of risk assessment framework.

The study carried out by Fique 2017 provides the technical description about the MacroFinancial Risk Assessment Framework. This research replaces the stress-testing model of Bank of Canada. The new version of the model contains few features of the previous model along with the new features of fire-sale effects which results from the leverage restrictions that are faced by banks. The proposed model emphasizes on capturing the linear effects of different risk scenarios. It is also subjected to the comprehensive sensitivity analysis. The paper concluded that banks are exposed to several form of risks which interact in a non-linear manner.

The research conducted by Liu, et al. 2017 deals with the assessment framework for revenue risk in transportation. The management of allocation of revenue risk is critical to the development of concessions for public-private transport. The authors proposed the quantitative method for selecting the mechanism for fiscal support. The research had proposed risk assessment framework having two dimensions through the comparison of financing costs and the risk associated by the procurement of a particular project. The paper uses the revenue project model for quantifying the framework’s measurable indicators. The framework had been applied by the authors in a hypothetical case study for demonstrating that the flexible contracts have little impact on the project leverage. The paper concluded that the proposed framework would help the government to improve the deficit control and the public budgeting.

Hartsell et al. 2021 studies the risk assessment framework for autonomous systems. The CPS (Cyber Physical Systems) are used to handling the uncertainties and the self-management system operation for reducing the risk in operation. The risk may be due to the distribution shifts, software failure, environmental context, or hardware contexts. The paper identifies the traditional techniques of assessing risk which include risk reduction, hazard analysis and assurance amongst others. The paper highlights that the traditional techniques do not consider the failures and dynamic contexts that system faces during runtime. The research introduces with the ReSonate dynamic risk estimation framework, especially for autonomous system. It is basically the enhancement of BTD formalism with the state of environment and the overall system. It also presents the technique for assessing the relationship between the environment and the state of the system. In order to reduce the amount of data required and improve the scalability of the framework, this process deals with each control strategy in isolation. The effectiveness of this approach is presented through the use of two distinct autonomous simulations. The ReSonate Framework make use of information about the system, control strategies, hazard propagation and the potential consequences using the BTD model. This model helps in estimating the risk through the knowledge of relationship between the environment and the state of the system. The paper concludes that the proposed framework requires minimal resources for computation purposes. In addition, the paper suggests that future research can be conducted on the extension and the applications of the future.

Environmental Risk Assessment Framework for Microplastic

Rezaei Soufi, Torabi and Sahebjamnia, 2019 has presented the risk assessment framework for business continuity planning. The authors argues that every organization are persuaded to implement a business continuity management system due to the increase in competitiveness in the market. Every business are prone to business risks and risk from natural disasters such as flood, earthquake, terrorist attacks, war and so on. The organization must develop risk assessment system and its mitigation strategies to ensure the continuity of the business. this paper provides a new approach to select among different risk assessment procedures. The model proposed by the authors are aimed at maximizing the organization’s resilience level. The results of the paper is presented after the application of model to the real case study depicting the usefulness and the applicability of the proposed approach. The main steps that must be followed by the organization include: Firstly, the organization should identify its key products; Secondly, identify the threats that are affecting the delivery of such key products through the application of risk assessment process and placing them in the BDCP risk matrix; and Finally, a BCP should be selected for each of the risk identified in the risk matrix. The usability and the applicability of the model is assessed through the real case study of manufacturing organization.

The study of existing literature reveal that the risk assessment and the formulation of framework depends on the environment, business size, nature and industry. However, the basic steps of risk assessment framework include: identifying the risk, analyzing the risk, treating the risk and the monitoring the risk. According to UNDRR, the components of risks include disaster risk, vulnerability risk, hazard risk and the exposure risks (UNDRR, 2022). The risk drivers for the business and global economy include the climate change, environmental degradation, poverty and inequality, weak governance and poorly planned urban development. The GRAF (Global Risk Assessment Framework) presented by United Nations comprises of four pillars, namely, a) Strengthening, accessing, analyzing and visualizing the data of risks; b) Utilizing new knowledge about risk for making informed decision considering the humanitarian action; c) Focusing on the development of tools and technical support; d) influencing the financing systems and agenda setters.  

The business organizations are operating in highly risky environment from cybersecurity standpoint. The development and implementation of risk-assessment frameworks would help the businesses in preventing the loss or misuse of organization’s data. According to NIST 2022, the risk management framework refers to the process that integrates privacy, security, and the supply chain risk management activities. The steps for implement the NIST RMF include preparing the organization for managing privacy and security risks, categorizing through the use of sorting systems, selecting the control system, implementing, assessing the risks and control measures, authorizing the system in which the senior executive makes decision with respect to identified risk and monitoring the risks and control implementation in a regular basis (CSRC.NIST.Gov, 2022).

Conclusion

From the above literature review, it can be deduced that the risk assessment framework is one of fields in which wide research has been conducted by the scholars to determine the best suitable risk assessment procedure or framework. As highlighted by most of the scholars, the risk assessment framework must be developed and implemented after considering the internal and external factors affecting the business. The RAF if often designed after considering the size, nature, type of industry, manufacturing techniques amongst others for identifying, analyzing, mitigating and monitoring the impact of risks on the operations of the business. Recently, the technological industry has experienced a tremendous growth in the last two decade which results in high competition among the businesses in the market. Thus, it become essential for the businesses to develop and implement the effective risk assessment framework. It would help the organization in identifying the risks associated with the business activities and enable to implement the risk control strategies, which would result in stability and the continuity of the business.

References

Csrc.nist.gov., 2022. NIST Risk Management Framework | CSRC. Available at: https://csrc.nist.gov/projects/risk-management/about-rmf (Accessed: 21 April 2022).

Dong, Q. and Cooper, O., 2016. An orders-of-magnitude AHP supply chain risk assessment framework. International Journal of Production Economics, 182, pp.144-156.

Fique, J., 2017. The macrofinancial risk assessment framework (MFRAF), Version 2.0 (No. 111). Bank of Canada.

Gerba, C.P., 2019. Risk assessment. In Environmental and pollution science (pp. 541-563). Academic Press.

Gouin, T., Becker, R.A., Collot, A.G., Davis, J.W., Howard, B., Inawaka, K., Lampi, M., Ramon, B.S., Shi, J. and Hopp, P.W., 2019. Toward the development and application of an environmental risk assessment framework for microplastic. Environmental toxicology and chemistry, 38(10), pp.2087-2100.

Hartsell, C., Ramakrishna, S., Dubey, A., Stojcsics, D., Mahadevan, N. and Karsai, G., 2021, May. Resonate: A runtime risk assessment framework for autonomous systems. In 2021 International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS) (pp. 118-129). IEEE.

Islam, M.M., Lautenbach, A., Sandberg, C. and Olovsson, T., 2016, May. A risk assessment framework for automotive embedded systems. In Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security (pp. 3-14).

Liu, T., Bennon, M., Garvin, M.J. and Wang, S., 2017. Sharing the big risk: Assessment framework for revenue risk sharing mechanisms in transportation public-private partnerships. Journal of Construction Engineering and Management, 143(12), p.04017086.

Rezaei Soufi, H., Torabi, S.A. and Sahebjamnia, N., 2019. Developing a novel quantitative framework for business continuity planning. International Journal of Production Research, 57(3), pp.779-800.

Shedden, P., Ahmad, A., Smith, W., Tscherning, H. and Scheepers, R., 2016. Asset identification in information security risk assessment: A business practice approach. Communications of the Association for Information Systems, 39(1), p.15.

Torabi, S.A., Giahi, R. and Sahebjamnia, N., 2016. An enhanced risk assessment framework for business continuity management systems. Safety science, 89, pp.201-218.

UNDRR., (2022). Global Risk Assessment Framework (GRAF). Available at: https://www.preventionweb.net/understanding-disaster-risk/graf (Accessed: 21 April 2022).

Zio, E., 2018. The future of risk assessment. Reliability Engineering & System Safety, 177, pp.176-190.