2. Risk evaluation
Risk evaluation is the process of identifying and measuring risk. It is a fundamental
business practice that can be applied to investments, strategies, commercial
agreements, programs, projects and operations. The following are the basic steps of a
risk evaluation process.
1.Identification
2.Probability & Impact
3. Moment Of Risk
4.Treatment
5.Secondary Risk
6.Residual Risk
7.Monitoring & Review
3. 1. Identification
All stakeholders are asked to identify risk. This helps to improve acceptance of an
initiative as everyone is given an opportunity to express all the things that can go wrong.
Sophisticated entities may also identify risks by looking at databases of issues that
occurred with similar programs, strategies or projects.
2. Probability & Impact
Estimating the probability and impact of each identified risk. This can be done as a rough
estimate such as high, medium or low. In reality, most risks don't have a single cost but a
probability distribution of possible costs. For example, the risk of a traffic accident isn't a
single cost but a range of costs each with an associated probability estimate.
Sophisticated entities such as insurance companies will model risks with probability
distributions. Projects may estimate risks with a probability-impact matrix.
4. 3. Moment Of Risk
Listing out the specific conditions that cause the risk to be more likely to occur. For
example, the risk of a type of injury at a construction site may be associated with a
particular activity or construction stage.
4. Treatment
Risk treatment options include acceptance, mitigation, transfer, sharing and
avoidance. When a risk is mitigated or shared the probability and impact typically
need to be reevaluated.
5. Secondary Risk
Evaluation of risks caused by treatments. For example, avoiding or mitigating a risk
can result in new risks.
5. 6. Residual Risk
Calculating the probability and impact of remaining risk after treatment. For
example, the risk that remains after mitigation including secondary risk.
7. Monitoring & Review
Regularly identifying new risks that become clear as a program or project
progresses. Overseeing the implementation of risk treatment and evaluating results.