**Analyze Risk**

Risk analysis is the process of calculating the **probability** of the event and the **consequence** if it occurs. The product of these two becomes the **Risk Ranking**.

## Probability

Probability is the likelihood that the risk event will occur. Probability rarely implies mathematical certainty; rather, it is a subjective estimate, as demonstrated in the Matrix for Probability, or it can be measured in time, as demonstrated in the Probability Alternate.

## Consequence

**Consequence** is the impact or severity of the effect of the risk on the goal or objective.

## Risk Ranking

**Risk Ranking** is the combined effect of the probability and the consequence. Ranking score = (Probability Score) times (Consequence Score). A risk ranking matrix is used to categorize the severity of the risk rating.

## Risk Terms

There are many terms associated with ranking risks. It is not necessary to use all the terms, but it is important to have a common understanding of the following terms:

**Inherent Risk** is the rating of the risk event in the absence of existing controls or mitigation treatments. The value in assessing the inherent risk is to understand the full potential that exists.

**Current Risk** is the rating of the risk event at the time of reporting. This allows you to track the effect of mitigation treatments that have already been applied.

**Residual Risk** is the rating of the risk after taking into account the additional mitigation or treatment strategies. It is important to project the potential residual risk, as it will establish a benchmark for monitoring and reporting.

**Risk Tolerance** is the maximum level of risk that the University is willing to accept for a particular exposure. The tolerance should be defined by Executive or Management, based upon the nature of the risk, existing controls, and implications of planned mitigations. In assessing the risk and defining how much risk the University is willing to tolerate, relevant factors for success should be defined. Factors to consider could include: reputation, market, resources, quality, financial viability, compliance, etc.