Impacts
Weitere Optionen
Impacts are effects an organization has on its environment. These can be positive or negative. In double materiality they are used for the analysis of the inside-out perspective, or impact materiality. Opposite them are risks and opportunities, which show the financial materiality, or outside-in perspective.
Overview of impacts
Under "Risk management → Impacts" you find an overview of all impacts that have been created for the current management system. Their probability of occurrence and impact classes are also shown in this list. A double click opens an impact for editing.
Creating impacts
Impacts can be created with the "plus" button. This opens an interface in which the basic data can be recorded.
| Code | Here you enter the abbreviated name of the impact. The code can be automatically generated. |
|---|---|
| State | Usually, the state is active, but can be changed manually. |
| Name | Here you enter what the impact is called. |
| Identified on | This field is pre-set with the date of creation, but can be manually changed. |
| Description | Here, you should describe/explain the impact. |
| Remarks | Here, you can describe how the evaluation of the impact was determined. |
| Strategy | These options describe how a negative or positive impact is to be dealt with. Coping strategies: - Undefined (it has not yet been determined how to deal with it) - Avoidance (Waiver of the activity) - Reduction (Probability of occurrence is reduced by measures) - Transfer (Outsourcing of the hazard; e.g. by rolling over the hazard) - Acceptance Treatment strategies: - Exploit - Ignore - Share - Enhance |
| Probability of occurrence | The probability of occurrence is defined in the risk policy and is used with risks, opportunities, and impacts to show how likely it is that a given circumstance arises. Example: rarely, probably, often |
| Scale | The scale is defined in the risk policy and is used in impacts to show how great the impact is. Example: slight, medium, serious |
| Scope | The scope is defined in the risk policy and is used in impacts to show how far-reaching the impact is. Example: local, regional, international |
| Remedy | For negative impacts the remedy shows how small or big the effort to remediate the impact is. small effort, medium effort, large effort |
| Value chain | This shows whether it is an upstream, in-house, or downstream activity in the value chain. |
| Temporal horizon | This shows whether it is a short-, medium- or long-term impact. |
| Categories | The same categories of risks and opportunities can be used for impacts. Find more information under categories of risks and opportunities. |
| Responsible | The responsible person is the primary contact for the impact. |
| Advisor | The advisors are responsible for treating the impact. |
| Assigned protection targets & weightings | Here you can record which protection targets are affected how much by the impact. |
| Norm-mapping | If the impact has to do with one or more norm chapters, these should be entered here. |
| Affected structure elements | All structure elements are listed here that are in any relationship with the impact. Opening the dropdown menu allows you to link structure elements with the impact. |
| External ID | The identification of the impact in another system. |
Calculation of the impact ratio
The impact ratio is calculated from the impact factors of the impact classes and the risk factor of the probability of occurrence. Like the risk ratio, it shows how small or large the impact is for the organization - in this case as an impact by the company onto its environment and people.
For this the geometric mean of the products of the factors (impact factors of scope, scale and remedy, and risk factor of probability of occurrence) is calculated. This results in a basis for comparison between risks/opportunities and positive/negative impacts. This allows for both ratios (impact ratio and risk ratio) to be used inl the KPI for double materiality. More on this KPI here.
- Calculation for a positive impact: (square root of (scope x scale)) x probability of occurrence
- Calculation for a negative impact: (cubic root of (scope x scale x remedy)) x probability of occurrence
Additionally, positive impacts are negated, meaning they receive a "minus" sign, in order to create the same danymic as between risks and opportunities.
Example:
The positive impact of "Usage of green energy" has an impact ratio of -11. This is the result of the impact factors 2 and 4 as well as the risk factor 4 of the probability of occurrence: (square root (2 x 4)) x 4 = 11.3
The negative impact "Unfiltered water drains" has an impact ratio of 9. This is the result of the impact factors 2 and 3 and 4 as well as the risk factor 3 of the probability of occurrence: (cubic root (2 x 3 x 4)) x 3 = 8.7
- Important: Severely negative impacts, meaning those with a large scale and/or a grand scope, can not be completely reduced by the remedy. As soon as the highest value has been chosen for either of those factors, the highest value of all of the three impact factors is used for the impact ratio calculation. The probability of occurrence is not impacted by this.
Assigned gaps
This tab shows all gaps that are assigned to the impact.
Target score weighting:
- If enabled, the sorting of protection targets is based on the target score weighting. The greater the deviation from the target score and the greater the weighting of the protection target, the greater the target score weighting. More about the target score weighting can be found here.
Existing gaps can be linked with the "link" button.
New gaps can be created and immediately linked with the "plus" button.
Display of gaps:
- Black: Gaps assigned to this impact that have not been corrected.
- Green: Gaps assigned to this impact that have been remediated or indicated as having at least the target score.
- Gray: These are historical gaps. These were identified in previous reviews and assigned to the impact. In the meantime, the review objects of these reviews have already been subject to a reassessment.
- Moved to Risk xx: The gap was originally assigned to the currently presented impact. In a further step, the assignment changed to another impact.
Zugewiesene Bedrohungen
In diesem Reiter werden alle Bedrohungen gelistet, die der Auswirkung zugewiesen sind. Bedrohungen, die mit zugewiesenen Abweichungen verknüpft sind, werden hier ebenfalls gelistet.
Bestehende Bedrohungen können mit dem "Link" Button verknüpft werden.
Neue Bedrohungen können mit dem "Plus" Button erstellt und gleich verknüpft werden.
Maßnahmen & Kontrollen
In diesem Reiter werden alle Maßnahmen und Kontrollen gelistet, die der Auswirkung zugewiesen sind und damit der Behandlung dienen. Die Maßnahmen und Kontrollen kommen entweder aus der Verknüpfung mit einer Abweichung, werden von den verfügbaren ausgewählt ("Link" Button) oder werden hier speziell für die Auswirkung erstellt ("Plus" Button).
Kommen Maßnahmen und Kontrollen von einer Abweichung, kann die Verknüpfung zur Auswirkung nur aufgehoben werden, indem die Verknüpfung zur entsprechenden Abweichung aufgehoben wird. Die Verknüpfung zu aus der Liste zugewiesenen oder neu erstellten Maßnahmen oder Kontrolle kann mit dem Button rechts von der Maßnahme oder Kontrolle aufgehoben werden.