2. WHAT IS A RISK ASSESSMENT?
It is a way of determining risks and dangers in work
places.
In risk assessment we think about what might cause harm/risk to a project
or workplace and decide whether you are taking reasonable steps to
prevent that harm.
If the harm/risk cannot be avoided in a safe way, then the risk
assessment will say that the activity shouldn’t be carried
out.
3. CONTINUED…
Risk assessment involve 2 things…
Identifying and analyzing potential (future) events that may have a
negative impact on project.
For example Risk Analysis.
Making judgments "on the tolerability of the risk on the basis of a risk
analysis" while considering influencing factors.
For example Risk Evaluation.
4. CONTINUED…
In simple words, risk assessment analyzes what can go wrong…
How likely it is to happen…
What the potential consequences are…
How tolerable the identified risk is.
Based on this Risk Assessment, the impact of risk can be expressed as
quantitative or qualitative.
5. HOW TO DO RISK ASSESSMENT
There are no fixed rules for this.
But a few general principles.
Five(5) steps are followed to ensure risk assessment is done correctly.
6. STEPS IN RISK ASSESSMENT
Identify
Hazards
Risk Analysis
Risk
Evaluation
Risk Control
Review
7. STEP 1 IDENTIFY HAZARDS
The process of finding, listing, and characterizing hazards.
Difference between Hazard and Risk.
A Hazard is ‘something with the potential to cause harm’.
Risk is the chance, high or low, that somebody or something could be
harmed by these and other hazards.
It can be identified by using many methods, for example asking employees,
monitoring carefully.
8. STEP 2 RISK ANALYSIS
A process for understanding the nature of hazards and determining the
level of risk.
It tells who or what might be harmed and how.
It provides basis for risk evaluation and decisions about risk control.
Includes data, analysis, opinions, interests of stakeholders.
9. STEP 3 EVALUATION
After identifying hazard and analyzing risk we evaluate them.
The hazards can either be removed completely…
Or the risks can be controlled so that the its effect is unlikely.
If there is no way to eliminate a risk use precaution.
For example, try and carry out a less risky activity.
It is done usually using Risk Assessment Matrix.
10. STEP 4 RISK CONTROL
Implementing actions after risk evaluation decisions.
1. Elimination – get rid of the risk altogether.
2. Substitution – exchange one risk for something less likely or severe.
3. Physical Controls - eliminate contact with the hazard.
Risk control can involve monitoring and re-evaluation.
11. STEP 5 MONITOR AND REVIEW
You must ensure that the control measures are achieving the desired level
of control.
You must review the assessment on a regular basis or if anything changes.
For example, new staff, change in machinery or process.
Use Project Risk Register to monitor, review and track risks.
Review your assessment and update if possible.
12. WHEN TO DO?
Before new processes or activities are introduced.
Before changes are introduced to existing processes or activities
When hazards are identified.
13. WHO SHOULD DO?
Risk assessments should always be carried out by a person who is
experienced and competent.
Competence can be expressed as a combination of Knowledge, Awareness,
training, and experience.
Competence does not mean knowing everything.
Competence means knowing when to call for help or assistance.
15. WHAT IS IT?
A risk assessment matrix is a is a project management tool used during
risk assessment.
Its main function is to prioritize risks.
Based on likelihood or probability(on Y-axis) and impact(on X-axis) of a
risk.
Also known as risk matrix.
16. CONTINUED…
It falls under the qualitative and quantitative risk analyses process.
Typically looks like a chart and contains the following columns…
Probability
Impact
Ratings
Rankings
Rating is calculated as…
Probability of risk * Impact of risk
18. LIKELIHOOD
The likelihood of a risk is broken down into parts as…
Very Likely A risk that is almost certain to show-up during project
execution. More then 80% chances.
Likely Risks that have 60-80% chances of occurrence can be
grouped as likely.
Possible Risks which have a near 50/50 probability of occurrence.
Unlikely Risks that have a low probability of occurrence but still can
not be ruled out completely. Almost 20-40 % chances
Very
Unlikely
Rare and exceptional risks which have a less than 10%
chance of occurrence.
19. RISK IMPACT
Risk impact refers to how much the risk, if it occurs, will effect the project
scope, cost or schedule.
Insignificant Risks that bring no real negative consequences or pose no
significant threat to the organization or project.
Minor Risks that have a small potential for negative consequences but
will not significantly impact overall success.
Moderate Risks that could potentially bring negative consequences, posing
a moderate threat to the project or organization.
Critical Risks with substantial negative consequences that will seriously
impact the success of the organization or project.
Catastrophic Risks with extreme negative consequences that could cause the
entire project to fail or severely impact daily operations of the
organization.
20. CLASSIFYING AND PRIORITIZING RISK
Matrix Insignifi
cant
Minor Moderat
e
Critical Catastr
ophic
Rare Low Low Medium Medium High
Unlikel
y
Low Medium Medium Medium High
Possible Low Medium Medium High Critical
Likely Medium Medium High High Critical
Very
Likely
Medium High High Critical Critical
Apart from other divisions, Matrix has 4
major zones.
A low-risk zone that is considered acceptable,
consequences of the risk are minor, These
types of risks are generally ignored (Green).
A moderate risk zone that may or may not be
acceptable, come with slightly more serious
consequences, If possible, take steps to
prevent medium risks from occurring
(Yellow).
Impact
Probability
21. CLASSIFYING AND PRIORITIZING RISK
A high-risk zone that is considered unacceptable, these are serious risks that
both have significant consequences, and are likely to occur. Prioritize and respond
to these risks in the near term. (Orange).
A critical-risk zone that is considered extremely unacceptable, Catastrophic
risks that have severe consequences and are highly likely to occur, these risks are
the highest priority. You should respond to them immediately, as they can threaten
the success of the organization or project. (Red)
22. AFTER RANKING
Once you’ve ranked your risks, you can make a risk response plan.
A risk response plan is about…
To prevent or address those risks that are “high” or “extreme.”
You may not need to respond to risks ranked “low” or “medium” before work
begins.
Response for the risk depend upon both priority or rating and ranking.
23. WHY TO USE RISK MATRIX
In risk assessments, you don’t have to use a risk matrix…
If you have identified hazards and have a plan to avoid risks.
Why use matrix…
To understand the severity of risks being caused.
To rank or prioritize risk.
To prevent major risks at time to avoid negative consequences.
24. EXAMPLE
A risk with probability of 4 and
impact of 3
4 * 3 = 12
A risk with probability of 5 and
impact of 2
5 * 2 = 10
A risk with probability of 2 and
impact of 5
2 * 5 = 10
So in all the risk after prioritization
we will plan to handle the risk
according to their ranking.
Matrix 1 2 3 4 5
5 5 10 15 20 25
4 4 8 12 16 20
3 3 6 9 12 15
2 2 4 6 8 10
1 1 2 3 4 5
Impact
Probability