Pulling together a risk management plan for your company is no easy feat. Firstly, you need to properly identify the full gamete of risks that could impact your business. Then gathering and compiling all the necessary information requires time and resources. But arguably the most important step of all is calculating the level of risk by creating a Risk Assessment Matrix. This involves business risk assessment and requires advanced analytical skills if you want the findings to be accurate and credible.
Risk assessment is a systematic approach to measuring, ranking, comparing and prioritising risk in a consistent way, across your company. According to ISO 31000:2009, the risk is “expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence” [Clause 2.1]. As such, risk is measured as a function of the likelihood that cause(s) trigger an occurrence and impact of the consequence using a full-proof system; the Risk Assessment Matrix.
It is always good for this purpose to have, keep and maintain a corporate record retention. This process involves using a risk calculation formula and a risk management calculator to ensure precision.
This post will delve specifically into how you can create a Risk Assessment Matrix using a 5-point rating scale that you can customise to your organisation.
Calculating the Likelihood of Risk
The likelihood of a certain occurrence can be given a rating based on qualitative terms or quantitative terms, like probability or frequency of an occurrence over a specified time frame. For example, you can describe the probability of an event occurring over the course of the project or asset, or the frequency of it happening annually based on historical occurrence. Here is an example of a rating scale with examples of qualitative and quantitative definitions. Keep in mind that assessment criteria – such as probability or frequency – should be tailored to fit the nature of the risk you are assessing and potential causes you have identified. This can be calculated on a spectrum of 1 to 5. 1 = Rare (i.e. <once in 100+ years / <10% chance) 2 = Unlikely (i.e. once in 50-100 years / 10-35% chance) 3 = Possible (i.e. once in 25-50 years / 35-65% chance) 4 = Likely (i.e. once in 2-25 years / 65-90% chance) 5 = Frequent/almost certain (i.e. >once in 2 years / >90% chance). Learning how to compute risk accurately is crucial for effective risk management.
Calculating the Impact of Risk if it occurred
Just like likelihood, the impact or consequence of a certain occurrence can also be given a rating based on qualitative or quantitative terms. Depending on the nature of risk, impact assessment can be tied to a variety of consequences. These too can be calculated on a scale of 1 to 5 based on their severity of impact to finances, health & safety, security, regulatory, operations, reputation and human resources. 1 = Insignificant 2 = Minor 3 = Moderate 4 = Major 5 = Catastrophic.
A best practice is to assess impact using a combination of factors and assign a rating where impact is greatest. Understanding how to calculate risk involves evaluating both the likelihood and the potential impact of various risks. By assigning these ratings accurately, organisations can prioritise their risk management efforts effectively.
When learning how to calculate risk, it is crucial to gather input from different departments and stakeholders to ensure a comprehensive assessment. For instance, financial impacts might be evaluated by the finance team, while health and safety impacts are assessed by the safety team. This collaborative approach ensures that all potential consequences are considered and the most significant impacts are identified.
Likelihood by Impact = the Risk Assessment Matrix
After effectively evaluating the likelihood and Impact, you are now ready to present the level of risk in the form of a Risk Assessment Matrix with actionable items assigned to each risk. Using a risk assessment scoring matrix, you can effectively communicate the risks. An example of a Risk Assessment Matrix could look something like this.
Once you recognise the level of the risks your business is exposed to, you can prioritise the risks based on their significance and urgency and mitigate them so that your business is protected against financial, reputational and legal losses.
