top of page

5 Layers of Risk Assessment: How Well Are You Prepared?

risk assessment for organization

Building Strong Foundation Starts With Thorough Assessment

Every good plan starts with a transparent, thorough analysis of your current situation. Only when you have a clear picture of what kind of risks you, your business, your property, and your employees might encounter, you can conduct an effective risk management action plan.

When evaluating risk, disaster recovery consultants recommended dissecting them into five distinct layers. These layers range from what affects everyone at your business (including your suppliers and customers) down to an individual.

Here is our summary of 5 Layers of Risk Assessment with an emphasis especially on Layers 1 and 2. Use this guideline to assess the risks at your business and property.

risk assessment for organization

risk assessment for organization

Layer 1: External Risks

Many natural disasters affect wide areas. When they happen, they not only affect your facility but also the surrounding areas.

Consider, for instance, a thunderstorm. Its damaging winds can instantly affect the large proximity area. Severe thunderstorms can bring tornadoes, large hail, and extremely heavy rain which can lead to flash floods. They can also result in downed power lines and many other calamities, all at the same time.

All companies in the midst of this kind of situation are heavily affected by the disaster, including their customers, suppliers, and properties. Bridges may be out, power lines snap, and employees are unable to either leave the facility or come to work.

The risk to your business/property, highways, and railroads nearby depends on its geologic, topographic, as well as hydrologic conditions. While we are not able to accurately predict future events, maps and information provided by governments are helpful. We strongly advise evaluating the possible risk to your site in three major subjects:

  • Likelihood: How likely this particular disaster is to happen?

  • Impact: In general, how bad the damage would be?

  • Restoration: Consider the length of time to get your business' critical functions back into service. This needs to be differentiated from the entire length of time.

Natural Disasters


Tornadoes, the most brutal force of storms, can occur at any time of the year. What is especially scary about them is they can appear with little or even no warning at any given time. They definitely leave significant damage to your property and may hurt your employees' safety and well-being.


This is not a strange word anymore. We have been through the worldwide pandemic. Truth is, it can happen again. Besides Covid-19, we also had severe outbreaks of disease including severe acute respiratory syndrome (SARS), Zika, Ebola, and H1N1 (also known as swine flu). These have impacted the ability of numerous businesses to operate properly. If your employees or members of their families are sick from the disease, it will cause a major impact on the productivity of the entire team. Many governments are either requiring or strongly advising essential industries such as energy, banking, and transportation, to prepare plans for uninterrupted operations during a pandemic outbreak.


Earthquakes occur in a number of states and provinces across North America. They can kill people and severely damage properties and infrastructure. Check if your area has an earthquake risk. If so, an extra measure of safety would be strongly recommended such as installing anti-tip furniture fixers and tension poles.


We are witnessing more thunderstorms due to climate change. Thunderstorms are always happening around the world. Thunderstorms can be extremely dangerous since they often carry high winds, hail, deluge, and lightning. High winds may rip off roofs, walls, trees, and many other heavy structures. Hails can leave a massive number of dents on unprotected properties. Flash flooding and lightning both can instantly become life-threatening forces.


Generally speaking, water-related extreme weather conditions such as floods, tidal surges, or even tsunamis are detected and warned by the weather service. In the US, more than 90 percent of natural disasters involve flooding, according to the Federal Emergency Management Agency (FEMA). There are many different causes of floods: Snowmelt runoff, rainfall, coastal storms, cyclones, urban stormwater runoff, and many other natural causes. Besides the direct damage from the water, floodwater typically contains mud and sand. These will coat the floors and walls of the property as the waters recede, contaminating them with whatever was in the floodwaters.

Extreme Temperatures

In 2021, nearly 600 people lost their lives to extreme heat in British Columbia, Canada. Extreme temperatures, whether hot or cold, can wreak havoc on valued properties and people's safety. Knowing what kind of danger your own area may pose is very helpful to decide what an extreme temperature is and prepare for proactive plans.


Hurricanes are large, swirling storms that form in tropical waters anywhere around the world. Being the most violent form of storms, their occurrences can be predicted by the weather service. Organizations located near or in coastal areas must be aware of the danger of hurricanes and have a solid evacuation plan ready at all times.


Heavy snow or blizzard can be extremely brutal They can instantly close out access roads leading into and out of your facility. Find out if you live in an area where winter storms could happen. Even if the local weather is manageable, your business can be affected: for example, your trucks full of heavy materials cannot safely drive over snow-blocked roads.

Other Natural Disasters

There are several other natural disasters that wreak great havoc. Forest fires and/or large brush fires may threaten the safety of your employees as well as your property. Landslides and mudslides can close roads and greatly damage facilities. Make sure to know what kind of natural disasters are commonly happening around your area and plan proactively.

Manufactured Risks

Human-created risks are happening year-round. If your business is located in a city, this can pose a greater danger. Manufactured risks are the results of one's disaster or action that affects the safety and effective daily operations of you, your employees, and your property.

Take some time and drive around the nearby road to recognize the surrounding area. Make notes of what you observe: any large outside storage tanks, semitrailers with gas, or hazardous warning signs are good indicators of possible manufactured risks.


Highways are used every day to transport materials that can be especially heavy and toxic even. If a truck flipped over and its freight gets spilled over, the highway can be blocked for hours, sometimes for a day or two. If such an accident happens, will you have another access road to and from your facility/property?

The same analysis and prognosis should go with nearby bridges and railroads. If bridges across large bodies of water get damaged, do you have another safe way to get to your business? Is your property located near a railroad siding where railcars with potentially hazardous cargo could possibly be temporarily stored? Don't forget airstrips: Is your property located near a flight path? Ask these kinds of questions to diagnose all the possible scenarios.


Find out if there are any underground pipelines in your area. A pipe rupture can bring huge damage, forcing a mandatory evacuation that can last for several days.


In extreme weather, dams may overflow or become damaged.

Chemical users

If there are factories or plants that use chemical agents, this might pose a danger. For instance, a chlorine gas leak can force a wide evacuation of nearby areas.

Civil Risks


Statistically, the risk of occurrence of riots is higher in urban areas than in industrial or rural areas. Also, in general, it would be less likely in an affluent area than in a less affluent area.

Labour Disputes

There is a potential that a labour dispute can turn into a strike. The picket lines associated with a strike might cause material and/or employee flow problems. There is also a risk of secondary picketing. If one of your suppliers is in the middle of a labour dispute, your operation may also be affected.


Statistics show that the threat of terrorism is a growing problem worldwide. It includes bombing, hacking, kidnapping, hijacking, and other forms of violence. Although the possibility of occurrence is lower than other risks, once it breaks out, terrorism leaves extremely wide and deep damage.

Biological Attacks

An intentional release of germs or biological agents can instantly kill or injure people over a wide area. Agents can be contagious and spread from person to person or by direct contact. The anthrax attacks back in 2001 also known as Amerithrax, killed five people and infected 17 others. The FBI called its investigation as one of the largest and most complex in the history of law enforcement.

Supplier Risks

This risk depends on how smoothly and effectively your chosen suppliers can maintain their flow of goods and services to your business. Produce a list of your key suppliers then analyze the possibility of them not being able to manufacture or deliver the required material or service on time due to any aforementioned disasters. Consider the condition of transportation between them and your business. When an area-wide disaster hits, roads and rail services can be blocked for several days.

risk assessment for organization

Layer 2: Faculty-Wide Risks

Facility-wide risks represent risks that only impact your local property. If your company has more than one location, it is strongly advised to undergo a separate risk assessment for each location.


Without electricity, offices become dark, and manufacturing machines stop working. Sudden power outages, especially extended ones, can be detrimental.

To properly determine the risk of an electrical outage, begin with a thorough analysis: ask your teammates to find out the frequency (how many times it might occur within a five-year planning window), timing (time of the day), and length of power outages in your neighbourhood. Many times electrical outages are associated with extreme weather conditions such as severe thunderstorms and ice storms. Make sure to know what kind of weather conditions are common in your area too. Consult your property maintenance team. Find out how many feeds run into your property to uncover the potential points of power failure.

Even if electricity is out, the landline telephone system might still work. It is generally a good idea to maintain at least one landline connection. In case of power outages and with no cell phones nearby, you can use the landline to notify the power company, find out the proximity of the accident, and gain information about when to have the service back again.


Even though we are heavily dependent on the internet every day, telephones are still our crucial window to the world. For some companies, loss of telephone service may mean an abrupt block in smooth communication with customers and suppliers and also a challenge to connect to emergency services during a disaster.

When evaluating your telephone risk, begin with finding out your local telephone service architecture. When the local central office becomes temporarily inoperable, would you still be able to use your telephone? If your telephone service is connected to multiple central offices, even if the local office gets into trouble, your telephone service would still be working.


Every winter, we hear about unfortunate accidents of broken water mains. Broken water mains can be detrimental to your businesses especially when your operation heavily relies on water. For instance, if you run a restaurant but cannot use water, there is no other choice but to close your business until the problem gets fixed.

Office buildings also consume huge volumes of water. Besides using water for sanitation, many computer and PBX rooms are cooled by the chilled water system. If they lose water pressure, they may run a risk of having their central computer equipment getting overheated.

Climate control

Loss of temperature control at your property can be more than a temporary inconvenience. Besides creating uncomfortable working conditions, loss of heating or air conditioning can be damaging to your electronic systems as well as manufacturing materials. For example, loss of heat during winter can cause freeze pipes to burst. Loss of air conditioning in the heat of summer can lead to overheating of moving machinery much faster so that it goes beyond the rated safe operating temperature.


Many offices keep a sufficient number of fire extinguishers in every corner of their buildings but it does not stop a fire from breaking out. When you analyze the risk, consider the local condition (ie. Does the city where your property is located at gets very dry in the summer?), the amount of combustibles stacked around the property, as well as the construction structure of the building itself. In addition, calculate the reaction time for firefighters to arrive at your site.

Physical Security Issues

There are various physical security issues that need to be included in your risk analysis including:

  • Trespassing: How easy it is for a stranger to bypass or walk through security screening at your entrance? The measure of security screening depends on many variables including the type of your business. Keep in mind that accidents can happen where thieves come in to steal valuable items or angry people break in to take important data with them.

  • Physical security: Theft can happen either by employees or outsiders. Physical security includes employee identification (such as badges), a key control program, and electronic security access to especially sensitive areas. Surveillance cameras may come in handy not just for security for the property but also accidents that happen around your property.

  • Bomb Threats: This may not be high in occurrence but it holds a very serious gravity. Every occurrence of a bomb threat, whether it was genuine or just a very inappropriate prank, must go through a thorough, lengthy police investigation. After effects of bomb threats can be severe such as a damaged public profile of your company, delays in production, and a heightened level of tension in the offices.

Medical Concerns

When creating your disaster plan, you need to include equipment such as medical kits and defibrillators around the property and personnel that could provide aid while waiting for the paramedics to arrive. Some companies go a step further: They financially support certain employees to get and maintain their Emergency Medical Technicians (EMTs) certifications so that when a medical emergency happens, they can immediately get dispatched to assist.

risk assessment for organization

Layer 3: Data System Risks

One single problem in data systems can wreak havoc in multiple departments. Typically, data systems share extensive hardware including central computer systems, networks, file servers, and also Internet service.

To a significant degree, your data systems architecture determines your overall risks. From its design, technology cost and the benefits of centralized or decentralized software and data will be assessed. Keep in mind that when examining data system risks, your major goal should be finding a way to locate the single points of failure.

risk assessment for organization

Layer 4: Departmental Risks

Departmental risks include various issues from the absence of a key employee to the loss of an important piece of data. Unlike the previous risks, these types of obstacles can usually be overcome through the collective support of the employees in the department.

When creating a departmental risk assessment, ensure to work with all the members of the department. Together, identify the department's critical functions and risks both to your department and to other departments. If your department is accounting, your critical functions might look like this:

  • Payroll

    • To provide correct pay to all employees on time

    • To maintain accurate payroll records for all employees

  • Materials

    • To maintain an accurate accounting of all materials issued

  • Building security

    • To maintain the integrity of the building's physical security cordon at all times

    • To detect and notify authorities of any emergencies reported by security personnel

risk assessment for organization

Layer 5: Your Desk Risks

This is a personal risk assessment. It includes trivial things from a paper cut to your PC being suddenly crashed. Conducting this type of risk analysis is useful for ensuring that everything you need to do at your job is clearly listed and organized.

In case of emergencies such as you cannot go to work due to personal emergencies or you cannot attain important files from your computer because it is malfunctioning, having this risk analysis under the belt will minimize their negative impacts.

26 views0 comments


bottom of page