Comment from chris
Time: July 16, 2008, 9:59 pm
Quality post. Perhaps the concept of Corporate Social Responsibility (CSR) can be more formally inserted into the risk analysis. In CSR, the triple bottom line of social, financial, and environmental performance is tracked along with the traditional primary financial focus. For the vast majority of corporations practicing CSR today , the environmental and social metrics are then rolled up into the financial tying it all back to a $ amount. However, for purposes of this risk assessment it would appear that using all three indicators individually may assist in a more sound albeit less quantitative consequence definition. To add to that, many organizations in scope of this type of risk assessment are government run (water management districts for example) so their focus is not always tied to making a profit, or even wise use of funds i speculate. So for utility X with a financial focus, a power plant down leading to wide spread power outages may be worst case scenario from a financial (reputation + lost revenue + other impacts caused from power outage) perspective, while for water management district Y with a social (public service/ public impact) focus it is wide spread flooding from a dam malfunction. For a nuclear plant it is affect/loss of human life etc.
Perhaps keeping the three CSR areas of social, financial, and environmental separate is a good idea when defining consequence. Define worst case scenarios in each of the three areas and agree that there are events that you know you can’t quantify ahead of time, but you would never want to see happen in each area as well. Luckily, for those “you never want to see” events, government regulations often address but if you’re an organization you *should* do whatever is in your power to prevent them as well.
0 comments:
Post a Comment