Scribd
Upload
208 views

Risk Assessment

Detailed insights into Risk Assessment for Systems Analysis & Design. Categorization and the Risk Assessment Matrix

Uploaded by

jay bao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
208 views

Risk Assessment

Detailed insights into Risk Assessment for Systems Analysis & Design. Categorization and the Risk Assessment Matrix

Uploaded by

jay bao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

More on Risk Assessment

Prepared by Dr. Jordan Barlow for ISDS-406: Systems Analysis & Design; e-mail [email protected] if you
would like a copy of the Excel file that has the example risk matrices in the figures.

Categorization and the Risk Assessment Matrix


Risk can be calculated using the following formula: Risk = Probability x Impact
When assessing risk, both the probability of the event occurring and the potential impact of the
event should be considered in detail. (See Figure 2-22 in Dennis, Wixom, & Roth (2014), “Systems
Analysis & Design” for a good example of a risk assessment document.)
In addition to detailing the probability and impact in a formal document, organizations often
summarize the probability and impact of risks using a risk assessment matrix. Risk assessment
matrices differ by organization.
One axis of the risk assessment matrix represents the probability of the event occurring. The other
represents the impact to the organization if that event were to occur.
Both probability and impact can be represented in different ways. Probability is usually
represented by % likelihood. Impact can be measured on a scale (e.g., 1-100) or a dollar amount.
Below are some examples of different risk matrices.

75+ Critical

51-75 Major
Risk 3

26-50 Moderate
Risk 2

11-25 Minor
Risk 1

<10 Insignificant

Remote Unlikely Possible Probable Likely Certain


<10% 10-35% 36-50% 51-60% 61-90% 90%+

$100K+ Critical

$10-$100K Major

$5K-$10K Moderate

$500-$5000 Minor

<$500 Insignificant

Rare Unlikely Possible Likely Certain


<15% 15-40% 40-60% 60-85% 85%+
(less common)
As you can see in the examples, the risk assessment matrix is color coded, with the highest risks in
red and the lower risks in blue or green. The risk assessment matrix is a way to visually assess the
riskiness of a potential project.
If a potential project has multiple risks in the red area, the project is not likely to be approved. Risk
assessment documents (such as the one shown in Figure 2-22 of the textbook) should focus on risks
in the mid-range and red areas, listing the risks in order of highest to lowest risk.

Ways to Manage Risks


In the risk assessment document, risk management strategies should be listed (in Figure 2-22, this
is the section called “Ways to Address This Risk”). There are four main ways to manage risk, as
shown in the table below:

Strategy Explanation Examples


(Consider the risk of a car accident
when travelling)
Risk Avoidance Completely avoiding the activity that Do not travel by car; walk when
(elimination) poses the risk (most attractive but possible
usually least feasibile option)
Risk Transfer Transfer or share the risk to/with a Purchase car insurance to transfer
(insure or share) third-party the financial risk of an accident
Risk Reduction Reduce the probability or potential Wear seatbelt to reduce impact;
(mitigation) impact of the risk drive slower to reduce probability
Risk Retention Accept and retain the risk (usually for Accept that a car accident is always
(accept the risk) risks in the green area of a risk matrix) a risk, but the probability is low so
you drive anyway

You might also like