Risk Analysis


Risk Score

• It reflects the level of risk in the presence of some risk factors (e.g.
risk of mortality or disease in the presence of symptoms or genetic
profile, risk of financial loss considering credit and financial history, etc.)
• It reflects the severity of risk due to some factors
• Risk scores can help you identify and respond to the most pressing
concerns affecting the health of a project or organization.
Internal Risk Scores
• An internal risk score is an assessment of any risk factor that comes from within the
company.
• Though they can be just as damaging as external risks, internal risks are often the most
difficult to identify because they rely heavily upon the company's culture of risk.
• In a survey conducted by Allianz of a group of upper-level executives from 300
organizations, only 1% identified internal risks as potential threats—versus 30% among
mid-level managers.
Common Internal Risks:

• Human error, such as unintentional data leaks, union strikes, or ineffective management
• Inadequate organizational structure and reporting responsibilities
• Asset loss, including damage or destruction of company property or unforeseen costs of
doing business
External Risk Scores
• External risk scores are assessments of anything and everything that could threaten
your business/project from outside the company.
• These risks vary greatly and, in some cases, have few (if any) warning signs.
• It’s important to identify potential external risks so your project team/organization has
processes in place to react to and mitigate damage as soon as possible.

Common External Risks:

• Natural Disasters: everything from hurricanes and flooding to droughts and earthquakes
• Economic Change: recessions and industry disruption
• Political Factors: changes in governmental policies and regulations
• Cyber Attacks: such as data theft by hackers, ransomware attacks, etc.
Determining a Risk Score
In order to accurately calculate risk scores, two components must be taken into consideration: risk
identification and risk analysis.
Risk Identification: Identifying potential risks is paramount to a successful project.
• Risk identification should not only be performed at the earliest stages of project development but should
also be reassessed throughout the project life cycle.
• Some risks may be readily apparent to the project team—known risks; others will take more rigor to
uncover, but are still predictable.
Risk Analysis
• Once a risk has been identified, analysis helps you understand the threat it poses to your project or
organization.
• This step explores the risk’s potential qualitative and quantitative impacts—which will help in creating
processes to mitigate negative consequences.
• In other words, risk analysis is about calculating probability and likely outcomes.
Guidelines for Calculating Risk
Risk = probability of event × magnitude of loss
Probability of Occurrence
• High probability – (80 % ≤ x ≤ 100%)
• Medium-high probability – (60 % ≤ x < 80%)
• Medium-Low probability – (30 % ≤ x < 60%)
• Low probability – (0 % < x < 30%)
Risk Impact
• High – Catastrophic (Rating A – 100)
• Medium – Critical (Rating B – 50)
• Low – Marginal (Rating C – 10)
Risk Score
• The risk score is the result of your analysis, calculated by multiplying the Risk Impact Rating by Risk
Probability.
• It’s the quantifiable number that allows key personnel to quickly and confidently make decisions regarding
risks.
For qualitative risk assessment, risk scores are normally calculated using factors based on
ranges in probability and impact.
In quantitative risk assessments, risk probability and impact inputs can be discrete values
or statistical distributions.

Risk Probability Ranges


• Risk probability characterizes the chance that a certain event may occur during the course
of a project.
• For example, probability could be categorized into 5 levels: Very Low, Low, Medium, High, or
Very High.
• The problem with these categories is that they can be very ambiguous and have different
meanings depending upon whom you ask.
• Some methods attempt to improve this by using categories such as Rare, Unlikely,
Possible, Probable and Certain;
• However, this still leaves us with the question of defining what these terms actually mean.
Therefore, it is recommended that each category has a probability
definition.
An example could be as shown below:
Label        Probability range
Very Low     1 in 100
Low          1 in 10
Medium       1 in 5
High         1 in 2
Very High    ≥ 1 in 2
• In this way, when assessing probability, all team members have a
common understanding of the meaning of each category
Risk Impact Ranges

• As with probability, assessing impacts can be just as problematic if there is no
common definition of what each impact level means.
• In addition, risk impacts can affect more than one project objective such as cost,
schedule, safety, quality or others. These are referred to as risk categories and can be
assessed independently.
• For each risk category, we want to provide a common definition to aid in the assessment.

Impact Label   Cost      Schedule    Safety
Very Low       < 1%      1 day       Non injury accident
Low            1-5%      < 1 week    Requires medical attention
Medium         6-10%     2 weeks     Requires hospitalization
High           11-20%    1 month     > 1 day work lost
Very High      > 20%     > 1 month   > Fatality
Calculating Risk Scores

In order to calculate risk score, we need to assign a value to each of the probability and
impact levels (e.g. 1, 2, 3, 4, 5). Our matrix now includes these values for each label:
Impact Label   Probability   Cost      Schedule    Safety
Very Low: 1    1 in 100      < 1%      1 day       Non injury accident
Low: 2         1 in 10       1-5%      < 1 week    Requires medical attention
Medium: 3      1 in 5        6-10%     2 weeks     Requires hospitalization
High: 4        1 in 2        11-20%    1 month     > 1 day work lost
Very High: 5   ≥ 1 in 2      > 20%     > 1 month   > Fatality
If we had a risk that was assessed to have a high probability and medium impact:
Risk score = High (4) x Medium (3) = 12
Risk scores can then be further defined into categories such as Catastrophic, Serious, Moderate, and Low
based on the calculated score:
Catastrophic: ≥ 15
Serious: ≥ 10
Medium: ≥ 5
Low: ≤ 4
Risk Scores with Multiple Impacts
Risks can have multiple impacts called risk categories.
Two common methods to calculate risk scores if there are multiple categories:
1. Probability * highest impact
This is a very common qualitative risk scoring calculation in which the highest impact score among all of the impact
categories is used to calculate the risk score.
For example, if you had a risk that had been assessed:
• Probability: Very High (5)
• Schedule: High (4)
• Cost: Medium (3)
• Safety: Low (2)
Risk score = Probability (5) x Highest Impact (4) = 20

2. Probability * Average Impact


This takes the probability and multiplies it by the average score of all risk impacts.
Using the example above, the risk score would be calculated:
Risk Score = Probability (5) x (4+3+2)/3 = 5 x 3 = 15

So, we can see that the risk scoring calculation can have a fairly substantial impact on how the risk is assessed.
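The two multi-impact methods and the score bands above, as an added example (not part of the original slides). The function names are illustrative, and treating a fractional score between 4 and 5 as Low is an assumption, since the bands on the page leave that gap undefined.

```python
# 1-5 values assigned to the probability and impact labels in the matrix above.
LEVELS = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Very High": 5}

# Score bands from the page, checked from the highest threshold down.
# Assumption: the page gives "Medium: >= 5" and "Low: <= 4"; an averaged score
# such as 4.5 falls between them and is treated here as Low.
BANDS = [(15, "Catastrophic"), (10, "Serious"), (5, "Medium")]


def band(score):
    """Map a numeric risk score to its category label."""
    for threshold, label in BANDS:
        if score >= threshold:
            return label
    return "Low"


def risk_score(probability, impacts, method="highest"):
    """Score one risk from a probability label and a {category: label} dict.

    method="highest": probability x highest impact (method 1 above)
    method="average": probability x average impact (method 2 above)
    """
    if not impacts:
        raise ValueError("at least one impact category is required")
    p = LEVELS[probability]
    values = [LEVELS[label] for label in impacts.values()]
    if method == "highest":
        impact = max(values)
    elif method == "average":
        impact = sum(values) / len(values)
    else:
        raise ValueError(f"unknown method: {method}")
    return p * impact


if __name__ == "__main__":
    # The worked risk from the page, scored both ways.
    example = {"Schedule": "High", "Cost": "Medium", "Safety": "Low"}
    for method in ("highest", "average"):
        score = risk_score("Very High", example, method)
        print(f"{method:8s} score={score:g} band={band(score)}")
```
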
Risk Scores Based on Results of Quantitative Analysis

Calculating risk scores from quantitative risk analysis, such as schedule risk
analysis, integrated cost and schedule risk analysis and others is both more
complex and without any standard process.
The inputs for the analysis are not ranges or labels of ranges, but can be
expressed in numerous ways:

• discrete percentages (e.g. 25% probability that a risk will occur)


• relative values: a 25% delay in a task
• fixed values: a 15 day acceleration of a task
• statistical distributions: cost impacts with a Beta statistical distribution with
Low Rs.25,000, Most Likely Rs.35,000, and High of Rs.50,000.
• Impacts could be actions that restart, end, or cancel activities.
• Risk scores have to account for the schedule precedent network, task cruciality, and critical path.
• An example would be a project with a high-probability, high-impact risk assigned to a task that is not on or near
the critical path. Though the risk may have a large impact on the specific task(s) and push its successors, it may have little or no
effect on the overall project finish time. If we looked at a sensitivity analysis, we would see a very low correlation
coefficient between the duration of the activity with the large risk and the project finish time. Because of this, it is recommended
that risk scores use Spearman Rank Correlation as part of the risk score calculation.

The process for calculating the quantitative risk score:


• During simulation, record the impact of each risk on project parameters during each iteration. For example, Risk A occurs and
causes a 3-day delay and a $20,000 cost increase.
• Calculate the Spearman Rank Order coefficient between schedule and cost impacts for each risk and Project Cost, Finish Time,
Duration etc.
• Normalize the correlation coefficient.
• Calculate probability based on the number of times the risk occurred during the simulation. This can be complicated as it is
possible for risks to have multiple probabilities per assignment as well as different probabilities for different activities.
• The risk score for each risk category can now be calculated: the calculated probability multiplied by the normalized correlation coefficient.
• For risks that impact multiple categories, the risk score for each category is multiplied by a weight that represents the relative
importance of the category. For example, if you had cost and schedule categories and schedule is 2x as important as cost, you
would get importance coefficients of .667 for schedule and .333 for cost.
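The steps above carried through for the schedule category only, as an added example (not from the original slides). The two-path project, the risk parameters and the seed are constructed; clipping negative coefficients to zero and normalizing so the coefficients sum to 1 is an assumption, because the page does not say how to normalize.

```python
import random


def ranks(values):
    """Average ranks (tied values share the mean rank), as Spearman requires."""
    order = sorted(range(len(values)), key=values.__getitem__)
    out, i = [0.0] * len(values), 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in order[i:j + 1]:
            out[k] = (i + j) / 2 + 1
        i = j + 1
    return out


def spearman(x, y):
    """Spearman rank-order coefficient: Pearson correlation of the ranks."""
    rx, ry = ranks(x), ranks(y)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    sx = sum((a - mx) ** 2 for a in rx) ** 0.5
    sy = sum((b - my) ** 2 for b in ry) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0  # a risk that never fired


def simulate(iterations=2000, seed=7):
    """Constructed project: two parallel paths, finish time is the longer one."""
    rng = random.Random(seed)
    delays, finish = {"A": [], "B": []}, []
    for _ in range(iterations):
        # Risk A (p=0.3) delays the ~20-day critical task.
        # Risk B (p=0.8) delays a ~5-day task that is far from the critical path.
        d_a = rng.uniform(2, 6) if rng.random() < 0.3 else 0.0
        d_b = rng.uniform(3, 8) if rng.random() < 0.8 else 0.0
        delays["A"].append(d_a)
        delays["B"].append(d_b)
        finish.append(max(rng.triangular(18, 22, 20) + d_a,
                          rng.triangular(4, 6, 5) + d_b))
    return delays, finish


def quantitative_scores(delays, finish):
    """Score = observed probability x normalized Spearman coefficient."""
    # Assumed normalization: clip negatives to 0, scale so coefficients sum to 1.
    rho = {r: max(0.0, spearman(d, finish)) for r, d in delays.items()}
    total = sum(rho.values()) or 1.0
    return {r: (sum(v > 0 for v in d) / len(d)) * rho[r] / total
            for r, d in delays.items()}
```

Risk B fires far more often and causes longer delays than Risk A, yet scores near zero because its task never drives the finish time.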

Depending upon how you are analyzing your projects, the process you use can have a large impact on how your risks are assessed.
Make sure you are aware of how the risks will be assessed and that you have common guidelines that explain how project
probability and impact are assessed and the methodology used to calculate the risk scores.
