RISK ASSESSMENT
Once risks are identified, they are assessed for likelihood (sometimes called frequency) and impact (sometimes called severity). Likelihood is reviewed on the basis of how frequently a risk event will occur over a given period (e.g. monthly, three times a year, once in 5 years). Alternatively, many firms find it helpful to think of the percentage likelihood of a risk occurring in one year.
Impact is generally assessed on the basis of the (possible) cost to the firm if the risk happens. However, some risk occurrences such as reputation damage are difficult to assess on a cost basis. This more subjective impact is generally assessed on a qualitative scale such as high, medium high, medium, medium low and low.
While the term ‘severity’ ...
Get Mastering Risk Management now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
