A good risk management is defined by the ability to identify the risks and put in place mitigation measures to control the possibility to occur and extend of the impact in case the event occurs. The uncertainty events identification can be carried out by establishing the common known risks and listing them down. It can also be achieved through defining the objectives of the business and establishing any hazardous events that may trigger impacts to the efforts to realize the goals. Risks sources can also be analyzed to see how they prompt the occurrence of the uncertainties. For example, employees may be a source of risk and the uncertainties may be poor financial management, workers injuries due to unsafe work environments and increased employee complaints that may induce industrial strikes.
Highly indexed risks such as fire damages, natural disaster occurrences and staff injuries from work-related accidents are usually perceived as expensive to retain and the business usually passes on the liability to another party. This is what is referred to as risk sharing and the risks liability is transferred from the business to another firm. Nonetheless, there is some degree of residual risk liability, for instance, in the event that the other party ascertains that the occurrence of the risk was due to negligence of the business management, then it may render the risks non compensatory and the business eventually bears the burden.
The risk planning also entails a review and evaluation of the framework to employ the necessary changes so as to update the previous security controls put in place. Due to changing business environment, the mitigation measures need to be revised periodically in order to keep abreast with the threats dimensions. For instance, the business may expand its operations through injecting in an additional resource base such as personnel, working capital, physical assets including machinery, buildings and equipments. This implies that the cost of damage change significantly and this must be updated and reflected in the Business Continuity Planning (BCP) in order to have the most justifiable valuations with time.