3 How to go about assessing a risk
As stated earlier, the impact and probability must be considered in combination – not as discrete items – and the assessment must be made in line with any organisation guidance provided around expectations. In this section you will see how to assess a risk.
Firstly, consider the impact. Using the definition from Session 1, risk is defined as an uncertain event, but what most organisations are really interested in is risks that prevent them from achieving their objectives. The first step is therefore to understand the potential consequence(s) of interest to the organisation; this must be done bearing in mind that a risk can have more than one consequence. This may also mean in practice that some risks are discounted – those, for example, where the impact does not materially affect the company’s objectives.
Let us consider the risk inherent in driving a vehicle. While undesirable and something that should be avoided – both for the individual and for an organisation minor – ‘non injury’ accidents are of less concern than accidents that involve serious injury or fatalities. Therefore, if there are limited resources to manage the risk, as discussed in Session 5, the focus, individually and as an organisation, should be on reducing the risk associated with serious and fatal accidents. This approach, whereby a ‘single version of the truth’ is adopted, allows the organisation to fix the consequence(s) and focus on the root causes.
Activity 1 Road risks
Once root causes have been understood the next step is to ask how likely the consequence is to occur. It is an important point to remember that the aim is to understand how likely is it that the risk will lead to the consequence defined previously, because as stated earlier the probability and impact are coupled.