Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Session 4: Risk assessment


In the last session you looked at how to identify a risk and considered the importance of understanding all of the root causes and the consequences of a risk. Thorough risk identification is a fundamental precursor to what will be covered in Session 4 – assessing a risk. Assessing the risk is the next step in the ISO 31000 standard, referred to as analysis and risk evaluation. In particular you will cover:

  • the different points at which risk can be assessed
  • the importance of time when making an assessment
  • how to assess risks in a quantitative and qualitative way
  • why using consistent units of measurement is important in assessing risk
  • why it is important to understand the impact and probability of each consequence
  • the iterative nature of risk assessment and risk treatment
  • complexity and connectivity of risks and how to deal with risks that have more than one consequence and with risks that can have the same consequences (aggregation).
ISO 31000 diagram – risk analysis and risk evaluation
Figure 1 ISO 31000 diagram – risk analysis and risk evaluation

By the end of this session, you should be able to:

  • understand the process of arriving at an ‘assessment value’ for the risk – scores and Probability and Impact Diagrams (PIDs) (gross, current, residual)
  • understand how to assess risk events (basic probability and impact assessment)
  • understand ‘basis of estimate’ – including the Programme Evaluation and Review Technique (PERT)
  • have an awareness of risk modelling – including Monte Carlo analysis and Schedule Risk Analysis (SRA).

Now begin Session 4.