At Hoffmann, thinking in terms of risk is in our DNA. This can involve the physical security of your buildings with security guards, cameras and access control systems. But it can also be about cybersecurity, in the form of securing your IT infrastructure and data, or the presence of fraud risks in your primary financial processes. In every case, it involves risks that can seriously disrupt your operations.
Feel free to contact our specialists
Contact form | 088-2986600 | info@hoffmann.nl
Conversations with our specialists are always confidential due to our professional secrecy.
Because a growing number of organisations are making headlines due to incidents, there is an increasing focus on conducting risk analyses. This is obviously a positive trend: by identifying and analysing risks, you learn where your organisation’s vulnerabilities lie. Armed with those insights, you can then determine how to manage the risks adequately and set up appropriate security.
Ultimately, you do not want hackers infiltrating your systems, unauthorised people walking into your buildings unseen, your employees clicking on malware-infected attachments in emails, or employees deliberately taking advantage of a deficiency in your administrative structure and internal auditing. These are all realistic examples of risks to your organisation. By making a qualitative risk analysis of your business, we first establish which of your organisation’s systems and processes are vulnerable, which information is critical and where it is stored, and even where your employees keep physical information. With that knowledge, we can help you take targeted action to address those issues.
Risk analysis and IT infrastructure
This would seem logical, but unfortunately, solutions are often thought up too quickly, without properly coupling them to a real risk. The result tends to be considerable investment in security measures that ultimately turn out not to be effective enough. Every industry and every organisation has its own plan of action when it comes to risk analysis. An example of a risk analysis for the education sector could be ensuring the security of students’ personal data. If personal data falls into the wrong hands, confidential data may become public or identity fraud may take place, for example. This can have major ramifications for student privacy and the image of the educational institution.
Conducting a qualitative risk analysis helps you gain a clear picture of the processes, information and systems that are crucial for the proper functioning of your IT infrastructure and the entire organisation. That way, you can proactively determine which risks have priority in terms of taking action.
And should things still go wrong, we will help you manage the incident so you can quickly get back to ‘business as usual’.
Our approach to risk analysis
Our specialists have a set approach to risk analysis: the plan of action. The methodology Hoffmann uses is based on risk management in accordance with ISO 31000. In this process, we draw on our knowledge and experience of current incidents from other assignments, comparing them with your organisation in order to increase its resilience.
Our method starts with preparation by setting the context and then consists of the following three steps: risk identification, risk analysis and risk evaluation. This is followed by risk treatment.
This methodology identifies existing vulnerabilities. During the risk assessment, the identified risks are assessed in terms of probability (frequency) and effect (impact), and we determine with you which risks require further substantive assessment (analysis). Involving key personnel in this process increases risk awareness while creating support for risk treatment at the same time.
The aim of risk analysis is to identify and analyse potential risks and determine the risk treatment strategy. This provides insight into:
- Vulnerable functions, systems and processes/activities;
- Present risks;
- The probability (likelihood) and effect (impact) of the risks;
- The most relevant risk-increasing factors;
- Short- and long-term recommendations.
We then help you with the implementation process and ensure that you create sustainable security. There are a variety of possible follow-up steps that can be taken based on the results of the risk analysis. For instance, we support organisations in writing policies and the subsequent plans and procedures. We assess offers from suppliers and ensure the roll-out of periodic security tests (Red Teaming). Other common follow-up steps focus on achieving behavioural change among your employees in the context of (cyber)security and integrity. At the heart of it all is that we consider all aspects of risk management from our own expertise.
Would you like to know more about risk analysis?
Would you like to conduct a risk analysis, update an old risk analysis or obtain a sample risk analysis? If so, please do not hesitate to contact us without further obligation.
Our specialists are ready to help you.
Or feel free to contact one of our consultants directly.