Risk analysis methodology used by several small and medium enterprises in the Czech Republic

The aim of this paper is to present risk analysis procedures which have been successfully applied by Czech small and medium enterprises (SMEs). The methodology, which is based on the modification and combination of two standard methods, aims to accelerate (and make more affordable) the risk analysis process, as compared to other risk analysis methods used for public organizations and major corporations in the Czech Republic.

The paper presents in detail the individual steps the authors used in risk analysis of SMEs in the Czech Republic. The method is based on the facilitated risk analysis process (FRAP) methodology and the BITS recommendation. Modifications of both methodologies are described in detail.

To perform risk analysis in the SME sector in the Czech Republic, it is necessary to have a broad portfolio of instruments. Besides using the CRAMM methodology, the authors have created a new method based on combining the BITS and FRAP methods. The advantage of this method is its ability to accelerate the risk analysis, especially the identification and asset evaluation phases. Another advantage is that the method produces simple spreadsheet tables, providing the consumer with a tool that is easily editable and may be used for follow‐up procedures.

The risk analysis method produces benefits for SMEs by speeding up the risk analysis and lowering its cost. Another benefit is that the method is open‐source and can potentially be further modified.

The paper presents in detail an approach to risk analysis based on the modification of the FRAP methodology and the BITS recommendation.