Location 7

Location 6
Location 5
Location 4
Location 3
Location 2
Location 1
ASSETS AT RISK
EXPOSURES

Flooding / Internal / External

Fire / Smoke - Building

Fire / External

L
L
L
Seismic Damage / Earthquake

Wind Damage / Tornado

Heat Wave
NATURAL

Solarflares

Storm / Lightening

Subsidence

Tsunami

M
M
Bomb / Explosion

Burglary / Unauthorized Physical Access

Civil Unrest

Vandalism

Hazardous Waste Spill

Work Stoppage

Data Entry Error

HUMAN

Improper Handling Sensitive Data

Maintenance Error

Damage / Destruction of Software or Data

Unauth. Access to Data / Theft of Data

Unauth. Modification of Software/ Hardware

Key Individual / Group

Chemical / Biological Event

L M
L M

Intentional Computer Breach

L
L
L

Plane Crash

Facilities, Maintenance Error, Electrical

Failure of Change Management

Power Failure / Fluctuations

Heating, Ventilation or A.C. Failure

CPU / Hardware failure / Malfunction

Failure of System Software

Failure of Application Software

LAN / WAN Outage

LAN / WAN Repeat Interrupt

Telecommunication Failure

Damage / Loose Cables

RISK ASSESSMENT MASTER MATRIX

Computer Virus
TECHNICAL / OPERATIONAL

Maintenance Scheduling

Assessment Threshold Less than $5 Million

Blue
Low - $5 Million to $10 Million
Green
Moderate - $10 Million to $25 Million
Yellow
High - Greater than $25 Million
Red
CONSEQUENCE

Low (10-1 yr.)

Moderate (10-2 yr.)

M H

High (10-3 yr.)

PROBABILITY

683209981.xlsx
08/06/202310:17:00
 Definitions

An Asset is something of either tangible or intangible

value to the organization

Exposure is the potential for harm or damage to an

asset. Exposure derives from hazards, or the actions /
inactions of people. Categories (Natural Hazards,
Human Threats, and Technical/Operational Threats)

Probability is the likelihood of an adverse event

occurring. The categories that were used are:

Low = once in a thousand years

Moderate = once in a hundred years
High = once in ten years.
Risk is uncertainty; a function or measure of the
probability and severity of adverse events.

Risk Assessment is a process that results in

identification and quantification of risk, where
quantification comprises both probability and expected
severity.

Consequence is the specific adverse effect caused by

an exposure diminishing the value of an asset;
exposures act on assets to produce consequences. A
range of consequence levels was selected as follows:

Low: $5 to$10 million

Moderate: $10 to 25 million
High: $25million
Assessment threshold of loss at $5 million,
representing a potential decrease in pretax earnings of
approximately 1¢ per common share.
Note: Modify Consequence and Assessment
Threshold to correspond to earnings of company being
assessed.

For copies of the file used to created this risk matrix,

e-mail request to: billoyd@hotmail.com

Page 2