Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Submit a Peer Review for the AI Controls Matrix—a groundbreaking framework to address AI risks and strengthen security.

Business Risks Explored: Practical Insights for Resilience

Published 05/03/2024

Home
Industry Insights
Business Risks Explored: Practical Insights for Resilience

Written by the AuditCue Content Team.

The COVID-19 pandemic serves as a prime example of external risks faced by companies, causing disruptions in supply chains, declines in demand, and government-mandated closures. However, some companies were able to adapt and innovate in response to the pandemic. For instance, technology companies like Zoom and Microsoft quickly adjusted their offerings to meet the increased demand for remote work and online communication.



Understanding and Managing Business Risks

Risks are an inherent part of doing business, and companies must be equipped to identify, assess, and respond to them effectively. Risks can broadly fall into three categories, each requiring a different approach to risk management.


Category 1: Preventable Risks

Preventable risks are internal risks that arise within the company and are controllable. Examples include risks from employees and managers' unauthorized or unethical actions, or risks from breakdowns in operational processes. While it may be impractical or costly to completely eliminate these risks, companies should adopt a zero-tolerance policy for defects or errors that could cause severe damage. Preventable risks are best managed through active prevention measures.

Example: The Wells Fargo account fraud scandal, where employees created unauthorized bank and credit card accounts to meet sales goals.

A notable example of preventable risk is the Wells Fargo account fraud scandal, where employees created unauthorized bank and credit card accounts to meet sales goals. This unethical behavior resulted in substantial financial penalties and reputational damage for the company. The scandal underscores the importance of ethical practices and robust internal controls in preventing similar risks.


Category 2: Strategy Risks

Strategy risks are risks that a company voluntarily accepts in pursuit of its strategic objectives. Unlike preventable risks, strategy risks are not inherently undesirable, as they are often necessary for generating superior returns from the company's strategy. Strategy risks cannot be managed through rules-based control models. Instead, companies need a risk management system designed to reduce the probability of the assumed risk materializing.

Example: Netflix's decision to heavily invest in original content production, aiming to attract and retain subscribers with unique shows and movies.

A prime example of strategy risk is Netflix's decision to heavily invest in original content production. This strategic move involved significant investment and risk, aiming to attract and retain subscribers with unique shows and movies. Despite the challenges, Netflix's effective management of this strategic risk allowed it to dominate the streaming market and achieve substantial returns on its investments.


Category 3: External Risks

External risks are risks arising from events outside the company and beyond its influence. These risks can include natural disasters, political upheavals, or macroeconomic events. External risks cannot be prevented from occurring, so the focus must be on identification and mitigation of their impact.

Example: The impact of the COVID-19 pandemic on businesses, causing disruptions in supply chains, declines in demand, and government-mandated closures.

It is not enough to conduct risk assessment only for looking back at events gone by, but also account for events/threats/opportunities coming up in the future. A forward looking risk assessment should be a regular exercise for companies looking to strengthen their risk programs.


Forward looking Risk Assessment

For a comprehensive approach to forward-looking risk assessment, it's imperative to recognize the oversight role of boards and the responsibility of senior management in regularly reviewing and assessing organizational risks, underscoring the significance of engaging external experts in risk identification.

Various techniques for forward-looking risk assessments exist, including:

PESTLE Analysis: This method aids in identifying external risks by considering Political, Economic, Social, Technological, Legal, and Environmental factors.

SWOT Analysis: SWOT Analysis helps understand internal strengths and weaknesses alongside external opportunities and threats.

Horizon Scanning: This technique enables organizations to anticipate immediate risks.

Scenario Analysis: Scenario Analysis evaluates potential sources of significant operational risk.

These frameworks are only meant to provide a way of organising thoughts and ideas for a common goal. It is important to consider hidden biases, and utilise stress testing techniques for a better assessment of business risks.

A forward-looking risk assessment is crucial for ensuring business and commercial sustainability, requiring the addressing of competency and cultural issues for effective risk management.

Sources: Wikipedia, Netflix, National Library of Medicine


About the Author

The AuditCue content team prioritises addressing organizations' pain points and vulnerabilities by providing informative content tailored to those areas. If you have suggestions for topics you'd like us to cover, please don't hesitate to reach out to [email protected].

Enhancing cloud security strategyRisk Management

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Participate in the State of SaaS Security 2025 Survey
Key Management for Public Cloud Migration
Cloud Security for Startups 2024
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Secrets & Non-Human Identity Security in Hybrid Cloud Infrastructure: Strategies for Success

Published: 01/14/2025

The Emerging Cybersecurity Threats in 2025 - What You Can Do To Stay Ahead

Published: 01/14/2025

The Trouble with Large Language Models and How to Address AI “Lying”

Published: 01/13/2025

Next-Gen Cybersecurity with AI: Reshaping Digital Defense

Published: 01/10/2025