The method includes two aspects both distinct and linked : global audit itself (technical content) and its specific implementation (an approach).The self diagnosis form is part of the method and permits:
-to make manager and team responsible regarding company vulnerabilities,
-to ensure that requirements are taken into account a minima,
-to permit some transfer of vulnerability appreciation and its evolution in time.
It is necessary to motivate company partners positively on an operational ground.
Such an audit should be performed before an alea happens in order to prepare post alea situation with efficient help to the manager.
The method is mostly a tool for the manager, which permits dialog with public and private partners, with constant care of company durability. It is obvious that in small companies, the manager himself, and not his partners, decides strategy and establishes vulnerabilities hierarchy .A final action decision is taken by the manager himself.
The risk concretisation resuls of the happening of an event disturbing a menace stability state or a potential hazard.
A risk results from two types of elements interacting :
. key points , company elements whose loss, failure, unavailability would lead to critical financial, social, economical consequences.
. hazardous points , company elements or situations, causes of disturbing events évènements perturbateurs concretizing menace or potential hazard.
Risk control is relevant from :
. the edition of a company safety policy which defines any acceptable risk level,
. le recensement exhaustive collection of risks above the acceptable level and implementation of measures of suppression, prevention, protection, or risk transfer means (insurance)
THE METHOD STEPS
-Perform a vulnerability audit which collects the various company hazardous points and the possible disturbing events they could provoke. This step is based upon a check list organized in great functions.
-Edit a risk matrix to permit risk quantification following simplified tables of happening probability of disturbing event and importance of induced consequences.
. Establish formally the safety policy as it results from manager wishes and strains.
. Select risks to control following elements hereup.
-For each risk, edit a risk sheet to choose measures and means to envision risk reduction at acceptable level, compare soilutions and plan their implementation.
Implement those mens and measures, control their efficiency and possibly update regularly.