Project Smart ~ Exploring trends and developments in project management today

Calendar iconNot recorded
Adobe PDF icon

Ranking Risks: Rare to Certain, Negligible to Catastrophic

~ By ExecutiveBrief

Red flowchart showing risk element

Risks your project or business is exposed to may be worth reviewing now more than ever to see which ones need more attention than others.

Risk is a concept that denotes a potential negative impact to an asset or some characteristic of value that may arise from some present process or future event. In everyday usage, risk is often used synonymously with the probability of a known loss. Risk is measured in terms of impact and likelihood. Since risk is directly correlated to loss, it is important to be able to assess risks in one's business and to address them. Needless to say, inattention to risks can definitely affect a company's bottom line.

Some businesses actually go by without a formal risk assessment policy, nor is there a unit that directly assesses the impact of risks in the organisation. We have been so accustomed to risk in our everyday lives that the tendency is to ignore minor ones and react when major ones occur. Moreover, effective risk management carries with it some costs, which, when presented to stakeholders, naturally would lead to questions on how the costs could be justified.

Risk management is a modern buzzword, but in no means a new science. More and more businesses and organisations recognise the need to identify risks within them so that they can be controlled and mitigated. It is important to exercise risk mitigation when it affects people, the environment, and one's business, to name a few. Risk avoidance cannot make the potential of even greater loss from happening go away.

The question is, as a manager, how would I know which particular sets of risks need a special level of attention? Given limited resources, how would I know which particular types of risks need to be prioritised and addressed?

A risk matrix is a risk assessment tool which exposes aspects of risks that could be subjected to some form of ranking. The matrix has ranges of consequence and likelihood as axes. A risk matrix shows the manager and the decision maker a clearer view of what the risk is, what is involved (in terms of procedural changes, costs, behavioural adjustments, and the like), and what amount of time can be afforded given the severity and probability of the risk event. It can help a manager visualise, in an organised manner, the risks he or she faces in quantitative and qualitative terms and plan and make a more informed decision when the situation arises.

How does one construct an effective risk matrix?

1. Identify What the Risk Matrix Is to Be Used For

Normally a risk matrix is called for during exercises involving hazard analyses, facility siting studies, and safety audits. Depending on the intended use of the matrix, one may need to establish tolerance or risk acceptability levels and a means of assessing the effectiveness of risk mitigation measures.

2. Define Consequence and Likelihood Ranges

A typical risk matrix is a four by four grid. On the Y (vertical) axis is the "probability/likelihood" description range while on the X (horizontal) axis is the "consequence" range.

Sample Risk Matrix
Figure 1: Sample Risk Matrix

Consequences of risks as laid down in the grid use descriptive words and are ranked according to severity: Negligible, Marginal, Critical, and Catastrophic. Negligible risks are the least severe and would be assigned the lowest rank. Inversely, catastrophic risks are those that would be first in the severity ranking. Determine tolerance by assigning dollar values to each severity ranking, as well as some qualitative characteristics of the consequence being described. For example, Negligible Risks are those that involve USD 2,000 but less than USD 10,000 and could result in minor illness or injury to employees not exceeding a day, does not violate laws, or has little or minimal environmental damage and will be assigned Rank 1 in the matrix. Catastrophic Risks are those that involve USD 1M, could result in death or permanent disability, result in irreversible environmental damage or permanent closure to business, and will be assigned Rank 4 in the matrix.

RankRangeAmount of Loss in USDDescription of Loss
4Catastrophic1M or more
  • Results in death or permanent disability of employees
  • Irreversible environmental damage
  • Closure to business
3Critical200,000 but less than 1M
  • Results in partial permanent disability, injuries or illness of 3 employees or more
  • Reversible environmental damage
  • Violation of law/regulation
2Marginal10,000 but less than 200,000
  • Injury or illness of resulting in one or more work days lost
  • Mitigable environmental damage where restoration activities can be done
1Negligible2,000 but less than 10,000
  • Minor illness or injury to employees resulting in one day's absence
  • Does not violate laws
  • Little or minimal environmental damage
Figure 2: Sample Consequence Ranking

The Probability axis describes the likelihood of the risk happening and can be assigned either Frequent, Probable, Occasional, Remote, or Improbable, or simply Certain, Likely, Possible, Unlikely, or Rare. Again, it would be helpful to state the likelihood criteria in numeric terms (example, "Possible" means the risk will occur several times in a lifetime but not less than 10 times nor over 100 times in that lifetime) and to assign logical rankings.

RankRangeProbability (over the life of a business)Description
5CertainOnce in 2 yearsContinually experienced
4LikelyOnce in 4 yearsWill occur frequently
3PossibleOnce in 6 yearsWill occur several times
2UnlikelyOnce in 12 yearsUnlikely, but can be reasonably expected to occur
1RareOnce in 24 yearsUnlikely to occur, but possible
Figure 3: Sample Probability Ranking

Once the criteria for consequence and likelihood has been laid down, proceed to determine specific incidents, events or conditions that pose risk for the business and assign them along the blocks in the matrix. Example of an incident in the office would be "burst pipes and leaks" - this could be assigned in the block Rare (Rank 5 Likelihood) and Negligible (Rank 1 Consequence).

3. Translate the Tolerability Criteria Into the Matrix

The design of the matrix should be able to show clearly which of the blocks are intolerable or tolerable. For example, a Possible (Rank 3 Likelihood) intersecting with a Catastrophic (Rank 4 Consequence) would be intolerable for any business, given the description and values you have previously assigned. This block is a clear subject of risk mitigation efforts in the organisation compared to a block (risk) pertaining to a Negligible (Rank 1 Consequence) intersecting with a Certain (Rank 2 Likelihood) which could be addressed, say, with a simple change or adjustment in organisational policy.

Determining Tolerance Points in the Matrix
Figure 4: Determining Tolerance Points in the Matrix

Care in Assigning Values

Risk matrices are fairly easy to construct and understand. However, one has to be careful in assigning values, taking care not to be overly quantitative and not affording to include what is called a "layer of protection" approach, a means of including protective measures, which, when applied, brings down the risk a level lower. As in all planning and risk management efforts, it is recommended that the risk planner or analyst, even the manager, exercise conservatism in its design as well as point out areas of alarm. Decision makers are recommended to use this tool in policy formulation and include budgetary allocations to address not only persistent risks but also be ready for potentially catastrophic ones.


ExecutiveBrief, the technology management resource for business leaders, offers articles loaded with proven tips, techniques, and action plans that companies can use to better manage people, processes and tools - the keys to improving their business performance. To learn more, please visit: SoftServe United Blog

© ExecutiveBrief 2008


Comments

Be the first to comment on this article.

Add a comment



(never displayed)



 
1500
What is the opposite word of weak?
Notify me of new comments via email.
Remember my form inputs on this computer.

Avoiding Project Management Pitfalls

Foot about to tread on a banana skin

Common pitfalls that projects experience and some tips to help make a project more successful and avoid the potential for chaos.

Demand a Strong Project Plan

Gantt chart

What to look for to advance your consulting projects from contract to execution.

Belbin and Successful Project Teams

Business team brainstorming using coloured labels on an office table

Creating successful project teams is a daunting task for project leaders. A good method for matching people to roles is the Belbin Team Inventory Method (BTIM).

Undertaking a Successful Project Audit

Audit checklist clipboard with checkboxes marked for related concepts

A project audit provides an opportunity to uncover issues, concerns and challenges encountered during the project lifecycle.

PROJECT SMART is the project management resource that helps managers at all levels improve their performance. We provide an important knowledge base for those involved in managing projects of all kinds. With weekly exclusive updates, we keep you in touch with the latest project management thinking.

WE ARE CONNECTED ~ Follow us on social media to get regular updates and opinion on what's happening in the world of project management.


Latest Comments

Duncan commented on…
10 Rules of Highly Successful Project Management
- Mon 26 September 7:50am

John Corbett commented on…
10 Rules of Highly Successful Project Management
- Mon 19 September 1:36pm

London Management Centre commented on…
Get Maximum Benefits of Merging Top-down and Bottom-up Project Management
- Mon 19 September 11:29am

Latest tweets

General Project Management • Re: Software Product Delivery Plan for an Agile project https://t.co/qlwUTdDgAa #pm #projectsmart about 3 hours ago

General Project Management • Re: Best/cheapest online PRINCE2 Foundation course with exam included https://t.co/qRvyY1ZXVj #pm #projectsmart about 3 hours ago

Here are some basic rules of reporting status that you can use to further your reputation https://t.co/eOfIohem8R #projectsmart #pmot about 15 hours ago