Risk assessment is the process of determining the level of severity that a particular risk represents to you.
In order to assess a risk you need to have estimates for both its impact (the effect that the risk will have if it occurs) and its probability (the extent to which it is likely to occur).
Probability is estimated directly when you identify an item as a risk, since it is necessary to assign a probability of less than 100% to an item for it to be recognized as a risk.
In order to assess impact, you must first:
• Identify the objectives, such as cost, schedule, quality, safety, etc. which are of significance to you. Risks are defined by the impact they have on your objectives. A situation or occurrence which does not impact any of your objectives is not a risk as far as you are concerned.
• Decide upon the number of scale levels you want to use when assessing risks, and set your risk matrix size accordingly. This is normally done once and once only, shortly after the datafile is created.
• Set up impact assessment scales, one for each significant objective, so that impacts on a particular objective can be quantified based on a fixed standard. For example, a given cost increase might be regarded as a major increase by some people but only a minor increase by others, depending on their point of view. A fixed scale ensures a fixed assessment, regardless of viewpoint.
Mandrel provides a number of sample scales which can be used when setting up non-cost impacts.
• Since some objectives are often more important than others (for example, cost may be more important than quality, or safety more important than schedule), you can assign relative weights to objectives to indicate their relative importance. These weights are then used when calculating the overall impact of a risk which impacts several objectives.