Risk Estimation

How to assess risks

The second step in the risk management process is to estimate or assess the risk. Like a CFO, you need to assess risks in terms of their likelihood and potential impact. Risk estimation should be the basis for determining an organization or department’s level of tolerance or aversion to a risk.

The likelihood and potential severity of a risk materializing are crucial considerations. They can help your department figure out which risks are most important to tackle. While some risks may have severe consequences, the likelihood of those risks materializing may be low.

When estimating risks, it’s vital that you use a combination of quantitative and qualitative approaches to assess their likelihood and potential impact:

  • quantitative — Quantitative analysis involves applying numerical values to risk levels. Information about potential costs or the number of products or customers affected is often used to calculate the severity of the risk. In general, this method depends on reliable and objective data, and is most appropriate when specific figures are available. That’s why it’s suitable for large organizations that can provide enough data to carry out an extensive analysis.
  • qualitative — Qualitative analysis involves a subjective approach to assessing risks. It often relies upon the experience and knowledge of technical experts and uses anecdotal evidence to predict the likelihood of a risk. This method is useful for differentiating between risks that can be disregarded, those that require further analysis, and those that should be prioritized. It’s also appropriate for smaller organizations as it doesn’t require extensive data.

Bear in mind that ideally you should use a combination of qualitative and quantitative approaches. When estimating probability, you need a thorough understanding of the risk involved. This can be achieved by using data gathered from recent analyses. But experience and intuition are also valuable assets when estimating risks.