The Critical Importance of Documented Risk Assessment

In April of 1912, Captain E.J. Smith said, “Never in all history have we harnessed such
formidable technology. Every scientific advancement known to man has been incorporated into
its design. The operational controls are sound and foolproof!” This quote went on to become
synonymous with one of history’s greatest failures to adequately assess risk: the sinking of the
Titanic. A contemporary example of a poorly documented risk assessment process is the
current water crisis in Cape Town, South Africa. With conversations into the longevity of Cape
Town’s water beginning from as early as 2012, how is it possible that Cape Town has become
the first city in the world to run out of water? The simple answer to an incredibly complex
problem is this: The strategy to prevent such a crisis was insufficient and poorly documented.

According to Warren Green, a GRC Expert at CURA Software Solutions, the importance of
diligence in your risk control strategy cannot be overstated. “Risk assessments are done to
calculate or understand the probability of a risk materialising and the potential impact it may
have. This is not just a once-off process: as your project develops and adapts, so should your
assessment of potential risk and documentation of the applicable controls. Failure to do so
could have catastrophic consequences.” In the case of the Cape Town water crisis, the inadequate
assessment of risk operated on several levels: assessments failed to project increases in human water
demand due to changing lifestyles and a growing population, failed to project changes in
hydro-climatic conditions, and failed to effectively monitor the variables that drive probability and impact. Most
importantly, they failed to detail which steps and mitigating controls needed to be put in place
should such risks materialise.

This natural disaster serves as a cautionary tale about the need for detailed and properly documented risk
assessments: airtight mitigation plans and ongoing assessments could prevent massive
economic loss, reputational damage, organisational hazards or stakeholder risks.

Another recent example of inadequately documented risk assessments was the 2012 cyber
attack on Saudi Aramco, one of the world’s largest oil companies. In a matter of hours, 35,000
computers were partially wiped or totally destroyed. It is believed that a computer technician on the
organisation’s information technology team opened a scam email and clicked on
a bad link. This saw an oil conglomerate brought to its knees and plunged back into 1970s
technology, all because of an insufficient strategy to mitigate the risk.

Green believes that forewarned is forearmed. “The implementation of risk management software
within your organisation revolutionises your risk documentation to mitigate the potential crisis of
any incident. To create a holistic view of potential risk, a fragmented and siloed approach simply
will not do. We are living in 2018, shouldn’t our GRC solutions, too? You need a single source of
the truth.”
