	Accessibility Background
Home \| A-Z Knowledgebase \| Questions and Answers \| Members Area

Risk Management

Management of Risk

Risk Principles

Risk Tolerance

Risk Responsibilities

Risk Ownership

Risk Management Cycle

Risk Evaluation

Identify Risk Responses

Balancing the Risk

Risk Planning/Monitoring

Risk Profile Matrix

Risk Analysis & Risk Log

Risk Budgeting

Mapping Risk Process

Risk Considerations

Risk Evaluation

Risk evaluation is concerned with assessing probability and impact of individual risks, taking into account any interdependencies or other factors outside the immediate scope under investigation:

Probability is the evaluated likelihood of a particular outcome actually happening (including a consideration of the frequency with which the outcome may arise). For example, major damage to a building is relatively unlikely to happen, but would have enormous impact on business continuity. Conversely, occasional personal computer system failure is fairly likely to happen, but would not usually have a major impact on the business
Impact is the evaluated effect or result of a particular outcome actually happening
Impact should ideally be considered under the elements of:
- time
- quality
- benefit
- people/resource

3x3 Risk Matrix Some risks, such as financial risk, can be evaluated in numerical terms.

Others, such as adverse publicity, can only be evaluated in subjective ways.

There is a need for some framework for categorising risks, for example, high, medium and low.

When considering a risk’s probability, another aspect is when the risk might occur.

Some risks will be predicted to be further away in time than others and so attention can be focused on the more immediate ones.

This prediction is called the risk’s proximity. The proximity of each risk should be included in the Risk Log.