Session 4: Risk assessment
In the last session you looked at how to identify a risk and considered the importance of understanding all of the root causes and the consequences of a risk. Thorough risk identification is a fundamental precursor to what will be covered in Session 4 – assessing a risk. Assessing the risk is the next step in the ISO 31000 standard, referred to as analysis and risk evaluation. In particular you will cover:
- the different points at which risk can be assessed
- the importance of time when making an assessment
- how to assess risks in a quantitative and qualitative way
- why using consistent units of measurement is important in assessing risk
- why it is important to understand the impact and probability of each consequence
- the iterative nature of risk assessment and risk treatment
- complexity and connectivity of risks and how to deal with risks that have more than one consequence and with risks that can have the same consequences (aggregation).
By the end of this session, you should be able to:
- understand the process of arriving at an ‘assessment value’ for the risk – scores and Probability and Impact Diagrams (PIDs) (gross, current, residual)
- understand how to assess risk events (basic probability and impact assessment)
- understand ‘basis of estimate’ – including the Programme Evaluation and Review Technique (PERT)
- have an awareness of risk modelling – including Monte Carlo analysis and Schedule Risk Analysis (SRA).
Now begin Session 4.