Why use the tool?
Risk Analysis is a formal framework that helps you to
assess the risks that you or your organisation face. A good risk analysis
will help you to decide what actions to take to minimise disruptions
to your plans. It will also help you to decide whether the strategies
you could use to control risk are cost-effective.
How to use the tool:
Here
we define risk as 'the perceived extent of possible loss'. Different
people will have different views of the impact of a particular risk
- what may be a small risk for one person may destroy the livelihood
of someone else.
One way of putting figures to risk is to calculate a
value for it as:
risk
= probability of event x cost of event
Doing this allows you to compare risks objectively.
We use this approach formally in decision making.
To carry out a risk analysis, follow these steps:
1. Identify
Threats:
The first stage of a risk analysis is to identify threats facing you.
Threats may be:
- Human - from individuals or organisations, illness,
death, etc.
- Procedural - from failures of accountability, internal
systems and controls, organisation, etc.
- Natural - threats from weather, natural disaster,
accident, disease, etc.
- Technical - from advances in technology, technical
failure, etc.
- Political - from changes in tax regimes, public opinion,
government policy, foreign influence, etc.
- Project - risks of cost over-runs, jobs taking too
long, of insufficient product or service quality, etc.
- Financial - from business failure, stock market,
interest rates, unemployment, etc.
- Others
This analysis of threat is important - it is easy to
overlook important threats. One way of trying to capture them all is
to use a number of different approaches:
- Firstly, run through a list such as the one above,
to see if any apply
- Secondly, think through the systems, organisations
or structures you operate, and analyse risks to any part of those
- See if you can see any vulnerabilities within these
systems or structures
- Ask other people, who might have different perspectives.
2.
Estimate Risk:
Once you have identified the threats you face, the next step is to work
out the likelihood of the threat being realised and to assess its impact.
One approach to this is to make your best estimate of
the probability of the event occurring, and to multiply this by the
amount it will cost you to set things right if it happens. This gives
you a value for the risk.
3. Managing Risk:
Once you have worked out the value of risks you face, you can start
to look at ways of managing them. When you are doing this, it is important
to choose cost effective approaches - in most cases, there is no point
in spending more to eliminating a risk than the cost of the event if
it occurs. Often, it may be better to accept the risk than to use excessive
resources to eliminate it.
Risk
may be managed in a number of ways:
- By using existing assets:
Here existing resources can be used to counter risk. This may involve
improvements to existing methods and systems, changes in responsibilities,
improvements to accountability and internal controls, etc.
- By contingency planning:
You may decide to accept a risk, but choose to develop a plan to minimise
its effects. A good contingency plan will allow you to take action
immediately, with the minimum of project control.
- By investing in new resources:
Your risk analysis should give you the basis for deciding whether
to bring in additional
resources
to counter the risk.
4.
Reviews:
Once you have carried out a risk analysis and management exercise, it
may be worth carrying outregular reviews. These might involve formal
reviews of the risk analysis, or may involve testing systems and plans
appropriately.
Key points:
Risk analysis allows you to examine the risks that you
or your organisation face. It is based on a structured approach to thinking
through threats, followed by an evaluation of the probability and cost
of events occurring.
Risk analysis forms the basis for risk management.
Here the emphasis is on cost effectiveness. Risk management involves
adapting the use of existing resources, contingency planning and good
use of new resources.**
How
to Evaluate and Manage the Risks You Face