Risk analysis typically identifies risks through a process of brainstorming and examining plans. It then maps risk along two dimensions, probability and impact, assigning scores (typically up to 3,5 or 9) to each. Probability is the chance or likelihood of the risk occurring. Sometimes these are then multiplied together to give an overall risk severity figure.
Risk are often listed in a register, which is then used to manage and track those risks. This have some columns, but the example shown in figure 1 simply shows the main items discussed here.
Risk of Description Probability Impact Severity Action
(1-3) (1-3) (PxI)
Failure to deliver Medium (2) High (3) 6 Weekly risk reviews
to schedule Code buddies
Risks can then be plotted on matrix to flag the severity of risk. When working in a team session, this can be done on wall with flip charts and Post-it notes.
Risk planning may then continue by working out how to reduce the probability or impact of selected risks. Moving any risk will require mitigating action and will have a cost associated with it. A cost-benefit assessment can therefore be done to determine the most effective actions to take.
In business, risk analysis is common in projects where planned activities are assessed. In quality risk management, rather than examining the project plan, it is useful to identify risks through analysis of the process diagrams. At each process step ask. " What could go wrong? How? How likely is this? What would be the impact on the business?"
Typical risk include:
- Inputs and materials do not meet required specification.
- Instructions, training or management are inadequate.
- Actions are not completed on time or unexpected delays occur.
- Human error or inadequate motivation results in defects, damage and other problems.
It is important as well to continue the dialogue on an ongoing basis, ensuring actions are completed and reassessing risks for changes in both impact and probability.