Risk Management > Common > Risk Analysis

Risk Analysis Definition: The study of the underlying uncertainty of a given course of action. Risk analysis refers to the uncertainty of forecast future cash flow streams, variance of portfolio/stock returns, statistical analysis to determine the probability of a project's success or failure, and possible future economic states. Risk analysts often work in tandem with forecasting professionals to minimize future negative unforeseen effects. Almost all large businesses require at least a minimal level of risk analysis. For example, commercial banks need to properly hedge foreign exchange exposure of overseas loans, while large department stores must factor in the possibility of reduced revenues due to a global recession. Risk analysis allows professionals to identify and mitigate risks, but not avoid them completely. Proper risk analysis often includes mathematical and statistical software programs.

Risk analysis is the process of defining and analysing the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. In IT, a risk analysis report can be used to align technology-related objectives with a company's business objectives. A risk analysis report can be either quantitative or qualitative. In quantitative risk analysis, an attempt is made to numerically determine the probabilities of various adverse events and the likely extent of the losses if a particular event takes place. Qualitative risk analysis, which is used more often, does not involve numerical probabilities or predictions of loss. Instead, the qualitative method involves defining the various threats, determining the extent of vulnerabilities and devising countermeasures should an attack occur. The progression of risk cases should be managed continuously.

Tasks that use this form

Create new risk

Create a risk incident

Analyse a risk

Navigating the form

The following tables provide descriptions for the controls in this form:

Risk analysis Action Pane

| Actions | Description |
|---|---|
| Risk New | Create a new Risk |
| Edit | Edit a risk record |
| Delete | Delete a risk record |
| Incident | Create a new incident from this risk. |
| Change specification | This function allows you to change the risk priority specifications (Type, Impact and Likelihood). |
| Update characteristics | This allows for the update of risk characteristics and risk actions created for this risk type. |
| Refer a risk | This function is used to refer the risk and give a reason for the referral. |
| Status | The function is used to change the status of the risk as the responsible person progresses through the mitigation of the risk. |

Filtering records for Risks

The following fields provide the controls for filtering the records in this form. Select the filtering criteria and tick the indicator box to use the selected information.

| Field | Description |
|---|---|
| Risk ID | This field is a system-generated code or number uniquely identifying the risk that was raised. |
| Risk type | This field defines specific classification of the different types of risk. This is definable with a base data table. There are many different types of risk that risk management plans can mitigate. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records. |
| Date/time reported | This field indicates the date and time when the risk was raised and reported on the system. |
| Risk status | This field defines the status action of the risk, and indicates in what state the risk is. |
| Overdue | Tick the indicator to filter on all the risks that are over the reported due date. |

Risk Specific View

The different tab pages will display all the risk information for the selected filtering information.

Tab name

Field name

Field description

Overview

Flag - Priority

The urgency with which the risk has to be resolved (e.g. Urgent, Normal) is displayed. Select the priority for the specific risk. The flag will indicate the priority of the risk.

Flag - Due Status

The due status indicates whether the risk is overdue or in progress.

Flag - Due date

The flag indicates how soon the due date is for the risk.

Risk ID

This field is a system-generated code or number uniquely identifying the risk that was raised.

Risk Description

This is a short detailed description to define the risk.

Risk type

This field defines specific classification of the different types of risk. This is definable with a base data table. There are many different types of risk that risk management plans can mitigate. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records.

Risk Sub-Type level 1

This field defines the next level of classification of the selected risk type. (For example: Risk type = Financial, Sub types level 1 = Accountability, Strategy and External). There can be multiple sub types for a risk type.

Sub-type level 2

Define a unique identifying code for a risk sub-type. This field defines the next level of classification of the selected risk type and sub type level 1. (For example: Risk type = Financial, Sub types level 1 = Accountability, Sub types level 2 = Fraud, Misrepresentation, Incompetent). There can be multiple sub types for a risk type.

Priority

Risk priority is by definition the rating that results from combining the assessed likelihood of a risk occurring (i.e. risk probability) and its projected impact.

Date/time reported

This field defines the date/time that the risk was raised in the system.

Risk status

This field defines the status action of the risk, and indicates in what state the risk is.

General

Risk ID

This field is a system-generated code or number uniquely identifying the risk that was raised.

Risk Description

This is a short detailed description to define the risk.

Risk status

This field defines the status action of the risk, and indicates in what state the risk is.

Stage risk

This field can be used if the different status actions have various stages assigned on which you want to work/report.

Specific

Risk type

This field defines specific classification of the different types of risk. This is definable with a base data table. There are many different types of risk that risk management plans can mitigate. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records.

Risk appetite

Risk appetite is a method to help guide an organisation’s approach to risk and risk management. It is the level of risk that an organisation is prepared to accept before action is deemed necessary to reduce it. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings. Organisations have to take risk to make a profit, or deliver value to their stakeholders. The level of risk they pursue is their appetite for risk. But they may be able to tolerate, or absorb, a different level of risk without significant impact on achieving their strategic objectives. This is their tolerance.

The appropriate level will depend on the nature of the work undertaken and the objectives pursued. For example, where public safety is critical (e.g. operating a nuclear power station) appetite will tend to be low, while for an innovative project (e.g. early development on an innovative computer program) it may be very high, with the acceptance of short term failure that could pave the way to longer term success.

Risk importance

Define the risk importance that is used as a measurement instrument when assessing risk. This indicates the seriousness of the risk materialising, and can, for example, be scored on a scale of 1 – 5. The higher the value of importance (1=Negligible and 5=Catastrophic), the higher the risk.

Risk Sub-Type level 1

This field defines the next level of classification of the selected risk type. (For example: Risk type = Financial, Sub types level 1 = Accountability, Strategy and External). There can be multiple sub types for a risk type.

Risk appetite

See definition under the Risk type = Risk appetite.

Risk importance

See definition under the Risk type = Risk importance.

Sub-type level 2

Define a unique identifying code for a risk sub-type. This field defines the next level of classification of the selected risk type and sub type level 1. (For example: Risk type = Financial, Sub types level 1 = Accountability, Sub types level 2 = Fraud, Misrepresentation, Incompetent). There can be multiple sub types for a risk type.

Risk appetite

See definition under the Risk type = Risk appetite.

Risk importance

See definition under the Risk type = Risk importance.

Impact

This field defines the impact, which is the effect a risk has if it does occur. It can be defined on a relative scale or mathematically. The definition for impact is developed during risk management planning. The team documents in the project management plan how probabilities and impacts are measured. For example, a red/yellow/green scale might be used, where high-probability, high-impact risks are red; low-probability, low-impact risks are green; and so forth. A probability and impact matrix can also be used.

Risk impact assessment is the process of assessing the probabilities and consequences of risk events if they are realised. The results of this assessment are then used to prioritise risks to establish a most-to-least-critical importance ranking. Ranking risks in terms of their criticality or importance provides insights to the project's management on where resources may be needed to manage or mitigate the realisation of high probability/high consequence risk events.

Likelihood

Likelihood is the chance that something might happen again or re-occur. Likelihood can be defined, determined, or measured objectively or subjectively and can be expressed either qualitatively or quantitatively (using scale calculations). This represents the likelihood of the risk materialising, and can, for example, be scored on a scale of 1 – 5, with higher values indicating a higher likelihood (1=Rare and 5=Almost certain).

Priority

Risk priority is by definition the rating that results from combining the assessed likelihood of a risk occurring (i.e. risk probability) and its projected impact.

Stakeholder

A stakeholder is a person or an organisation that can affect or be affected by a decision or an activity. Stakeholders also include those who have the perception that a decision or an activity can affect them.

Analysis

Duration response

This field defines the duration for the risk to be investigated/resolved.

UOM code response

This field defines the unit of measure that was used to define the duration time.

Date/time respond

This field defines the date/time by which the responsible person should respond on the risk.

Review date

This field defines the date when the risk should be reviewed for further action.

Referred risk

This field defines if the risk was referred for further investigation.

Monetary loss

This field defines the monetary loss scoring that indicates the level of loss.

Business loss

This field defines the business loss scoring that indicates the level of loss.

Risk cause

This field defines the cause of the risk. Select from pre-defined causes.

Effect

This field defines the effect of the risk on the business.

Dates

Date/time reported

This field defines the date/time that the risk was reported on the system.

Date observed

This field defines the date/time that the risk was observed.

Review date

This field defines the date when the risk should be reviewed for further action.

Actual duration

This field defines the actual time for the risk to be resolved.

Actual UOM code

This field defines the unit of measure that was used to define the actual duration time.

Completed date

This field defines the date/time when the risk was completed.

Plan duration

This field defines the time that was planned to complete the investigation/resolve the risk.

Plan UOM code

This field defines the unit of measure that was used to define the planned duration time.

Earliest resolution

The field defines the earliest date that the risk will be resolved if all the risk actions are run in parallel with each other.

Latest resolution

The field defines the latest date that the risk will be resolved if the risk actions run one after the other.

Characteristics

Group

This field defines the group and is a unique code that is user definable.

Characteristic code

Select a characteristic from the list of available values from the pre-defined drop down list in base characteristics. The field is used to identify the characteristic. The characteristic type, object type and code uniquely identify the characteristic.

Description

The description of the Characteristic.

The variables display according to the characteristic that is created for the selected risk.

Service lines

Risk description

This field defines the description of the risk on the service line.

General

Service type

Select from the drop-down list the area that will be affected/impacted by the risk that was raised. Multiple service areas can be affected, and the service type differentiates between service catalogue areas, objects or resources.

Service code

This field applies when the type = service catalogue; select the code from the pre-defined service catalogue records.

Type of resource

This field defines the resource type that will be impacted by risk. (For example resource type = Trade)

Resource code

This field defines the resource code that will be impacted by risk. (For example resource code of trades = mechanic)

Object code

This field defines the object that will be impacted by risk. (For example object type = Vehicle)

Structure code

This field defines the structure position that will be impacted by risk.

Specific ID

This field is selected to define the specific asset that will be impacted by this risk.

Setup

Risk description

This field defines the description of the risk on the service line.

Date/time reported

This field defines the date/time that the risk was reported on the system.

Organisation

This field defines the organisation that will be impacted by this risk.

Organisation structure

This field is the structure position of the organisation impacted by the risk.

Location code

This field defines the location that will be impacted by this risk.

Location structure

This field is the structure position of the location impacted by the risk.

Planned duration (hours)

This field defines the planned duration for these risk actions to be completed.

Planned UOM

This defines the unit of measure that will be used to calculate the planned duration for the risk actions to be completed.

Actual duration

This field defines the actual duration for these risk actions to be completed.

Actual UOM

This defines the unit of measure that will be used to calculate the actual duration for the risk actions to be completed.

Analysis Detail

The following tabs allow for the analysis of the risk.

| Tabs | Field | Description |
|---|---|---|
| Assumptions | Description | This field defines the detail of the assumption that was reached during the analysis and treating of the risk. Assumptions can be added during the analysis and treatment of the risk. Create new assumptions or delete an assumption that was added to the risk. |
| Uncertainties | Description | This field defines the detail of the uncertainties that were found during the analysis and treating of the risk. Create new uncertainties or delete an uncertainty that was added to the risk. |
| Additional information | Comment | This field defines the additional detail on the analysing of the risk. |
| Cause | Comment | This field defines the cause detail on the analysing of the risk. |
| Effect | Comment | This field defines the effect detail on the analysing of the risk. |

Risk Actions

The following tabs allow risk actions to be added to or deleted from the selected risk.

| Tab | Field | Description |
|---|---|---|
| Action | Sequence | This defines the sequence order in which the risk actions will be executed/investigated. |
| | Characteristic code | The field is used to identify the characteristic. The characteristic type, object type and code uniquely identify the characteristic. |
| | Action description | This is a short, detailed description of what needs to happen with this risk action. |
| Response | Response time | This defines the actual time it takes for the responsible person/s to react to the risk. |
| | Date/time respond | This defines the date/time by which the responsible person should respond to these actions. |
| | Actual UOM | This defines the unit of measure that will be used to calculate the actual duration for the risk actions to be completed. |
| | Responsible person | This defines the detail of the person responsible to act on the risk action to ensure that the risk is mitigated. |
| | Calculated date | This field will be updated when the status of the risk is changed to Treat. |
| | Date updated | This field will be updated when the action record is modified on the response time. |
| Cost | Budget cost | This field defines the budget cost value to do this risk action. |
| | Actual cost | This field defines the actual cost value to do this risk action. |
| Variables | UOM | This field is the type of unit of measure (UOM); select from the available drop-down list. Available values are METER, CALENDAR, and QUANTITY. |
| | UOM code | A definable code uniquely identifying the UOM, for example UOM=QTY: km, ea. or lit. |
| | Currency code | This field is populated only if the characteristic class is specified as currency. It uniquely identifies the UOM value that will be stored, for example: Rand, US Dollar or Euro. |
| | Date | This field is the default date value, and is ONLY editable if the characteristic class is date. |
| | Indicator | This is the default value if the characteristic is of type Indicator. Default indicator is mandatory if the specific indicator has NOT been set and the mandatory indicator HAS been set. |
| | Text | This field is the text/detail, and is NOT editable if the characteristic class is date, numeric or currency. |
| | Quantity | The field defines the quantity value for the action characteristic. |
| | Default colour | If the characteristic class is of the value colour, the default colour can be changed to a new colour by selecting from the drop-down colour list. |
| General | Group | This field defines the group and is a unique code that is user definable. |
| | Description | This is the description of the risk action. |
| | Calculated date | This field will be updated when the status of the risk is changed to Treat. |
| | Date updated | This field will be updated when the action record is modified on the response time. |
| | Status | This is the status of the risk action. |

Related details in Fact Boxes

The related detail in fact boxes view is displayed only in the line view of the form.

| Fact Boxes | Description |
|---|---|
| Risk per priority | This is a list of all the risks grouped into the priorities. |
| Risks per status | Displays the list of all the risks grouped into the various risk statuses. |