Unit 5 Risk Assessment 2: risk analysis and evaluation Flashcards
Unit 5: Risk assessment 2: risk analysis and evaluation, Introduction to risk analysis, risk likelihood and impact, loss control, defining the upside of risk, the importance of risk appetite (risk evaluation).
Which one of the following formulae is the best way to calculate the severity of a risk?
Risk impact × risk likelihood
Which of these terms is defined by Hopkin as ‘the amount and type of risk that an organisation is willing to pursue or retain’
Risk appetite
Which of these is an expression of probability:
‘There is a 2% chance of rain in the city of Jeddah on any one day during the next month.’
Activity 5.1. How do you measure risk in your organisation? To what extent do you adopt a quantitative approach to risk analysis?
You might find that some of your risks are measured in a quantitative manner while others are measured qualitatively. Financial risks for example might be very measurable quantitatively or semi quantitatively. Where you measure a quantitative impact, such as a financial loss, you may also use a qualitative measure of likelihood, such as a high, medium or low measure.
Activity 5.2. Write a short definition of the term ‘risk analysis’.
Here is a possible definition: ‘Risk analysis helps us to determine the severity of the risks our organisation faces by analysing the likelihood of the risk materialising together with the severity of the impact on the organisation.’
Activity 5.3. In your reading you will have seen the debate about analysing risks at the inherent and current levels. Which do you think makes most sense?
The debate on whether, as a profession, we should focus our risk assessment (or more precisely risk analysis) at the inherent or residual level of risk has never been fully resolved. Again, this discussion is more relevant after discussing risk treatment in unit 6 and we will return to it then; at this stage however, we focus on analysing inherent risk.
Activity 5.4. Look back at figure 6.4 in Hopkin (page 78) on ISO 31000, the IRM (2002) risk process, presented in figure 6.1 (page 71) and the COSO ERM cube (Hopkin, page 75). Where does risk evaluation fit into the risk management process in each of these standards?
Both ISO 31000 and the IRM (2002) risk process include risk evaluation as a separate element within the wider subject of risk assessment. The COSO ERM cube (and The Orange Book) subsume risk evaluation (as they did risk analysis) within the broader subject of risk assessment.
