
Analyze Risk

Risk analysis is the process of calculating the probability of the event and the consequence if it occurs. The product of these two becomes the Risk Ranking.

Probability

Probability is the likelihood that the risk event will occur. Probability rarely implies mathematical certainty; rather, it is a subjective estimate, as demonstrated in the Matrix for Probability, or it could be measured in time, as demonstrated in the Probability Alternate.

Consequence

Consequence is the impact or severity of the effect of the risk on the goal or objective.  

Risk Ranking

Risk Ranking is the combined effect of the probability and the consequence. Ranking score = (Probability Score) times (Consequence Score). A risk ranking matrix is used to categorize the severity of the risk rating.

Risk Terms

There are many terms associated with ranking risks. It is not necessary to use all the terms, but it is important to have a common understanding of the following terms:

Inherent Risk is the rating of the risk event in the absence of existing controls or mitigation treatments. The value in assessing the inherent risk is to understand the full potential that exists.

Current Risk is the rating of the risk event at the time of reporting.  This allows you to track the effect of mitigation treatments that have already been applied. 

Residual Risk is the rating of the risk after taking into account the additional mitigation or treatment strategies. It is important to project the potential residual risk, as it will establish a benchmark for monitoring and reporting.

Risk Tolerance is the maximum level of risk that the University is willing to accept for a particular exposure. The tolerance should be defined by Executive or Management, based upon the nature of the risk, existing controls, and implications of planned mitigations. In assessing the risk and defining how much risk the University is willing to tolerate, relevant factors for success should be defined. Factors to consider could include: reputation, market, resources, quality, financial viability, compliance, etc.