Project Management
A project team brainstorms risks with the input of the entire team and required subject matter experts such as an information security professional. They estimate probability and impact for each risk in a probability/impact matrix.Program Management
An IT program composed of dozens of projects models the risk of projects being late or overbudget using reference class forecasting, a method of comparing projects to historical projects with similar scope and risk profiles.Equity Analyst
An equity analyst develops indepth knowledge about a company and its industry in order to evaluate risks and rewards associated with a stock. If they downgrade a stock they may provide a list of high level risks associated with the firm in a note to investors.Risk Analyst
A risk analyst may use statistical analysis to evaluate the risks associated with a particular investment or class of investments. They may use a large number of variables to estimate the probability of losses as a probability distribution. For example, the probability of a 10% loss on a particular investment might be 3% and the probability of a 100% loss might be 0.3%.Small Business
A small business lists out risks associated with a strategy to open a new retail location. They evaluate probabilities on a scale of 1-4 labeled as "very likely", "likely", "possible", "remotely possible". They evaluate impact on a scale of 1-4 labeled as "disaster", "high", "medium", "low." The business then uses the evaluations to prioritize efforts to avoid, transfer, reduce or accept each risk.Summary
Risk assessment is mostly about identifying risks and assessing their probability and impact in order to calculate or categorize risk exposure. This can get complex if you consider that each risk can have different levels of impact each with different probabilities of occurring.Overview: Risk Assessment | ||
Type | ||
Definition | The process of gathering risk intelligence, identifying risks and evaluating their probability and impact. | |
Value | Risk assessment is a significant component of risk management - the process of identifying, evaluating and treating risk. | |
Related Concepts |