Risk Analysis and Capabilities Assessment

Risk analysis is an integral part of an overall risk management program, but understanding risk does not necessarily suggest a recommended course of action to mitigate it. Digital Sandbox employs a “capability build-up” methodology that uses risk to identify gaps and inform investment priorities.

RISK BUY-DOWN


The primary policy-based approach used today is to align investments against risks. It is the approach taken by FEMA in allocating funds for the Homeland Security Grant Program and other risk-based grant programs. While useful for high-level direction setting, the risk buy-down approach suffers from two practical issues. First, it requires a risk analysis methodology (e.g., a risk equation) that is sensitive to the effects brought about by risk mitigation investments, which is not the case in current FEMA formulas. Second, creating a mitigation-sensitive risk formula is exceedingly difficult. While this approach may work for deciding between two or three similar proposed investments, it is probably not a cost-effective method for setting overall risk management priorities.

CAPABILITY BUILD-UP


A better approach than risk buy-down is to use risk analysis to drive risk management through an analysis of capabilities.  The risks facing a jurisdiction or sector can (and do) suggest a prioritized set of capabilities that should prove most effective at mitigating those risks.  Investments that build up those key capabilities should therefore have the highest “risk return.”  Coupled with an ability to measure the overall amount of capability one has (capability assessment), this approach can be an effective tool for managing risk.