What is a risk assessment, and why would we prepare one? In this lesson, we’ll learn what it is, why it’s needed, and how to prepare a risk assessment and rank potential risks for our business.
What Is a Risk Assessment?
Every business has the possibility of a situation that adversely impacts operations. A risk assessment determines the most likely impacts so that contingency plans can be developed to prevent or mitigate them.
Events that Need to be Addressed
As mentioned, a risk assessment should include any event that might disrupt operations. Here are some specific areas to include:
- Natural disasters: Natural disasters would include anything caused by nature, such as a hurricane, fire, or earthquake.
- Crises: A crisis would be an unusual situation not caused by nature that results in damage to people or property. Examples might be worksite accidents or an angry customer who threatens staff.
- Personnel issues: Personnel issues would include situations like the unexpected death of the company president or a strike by organized employees.
- Data loss: Data loss includes both accidental and deliberate situations that result in the loss of key information. This could happen due to a natural disaster that damages storage equipment, the pressing of the ‘delete’ key by a poorly trained employee, or criminal action, such as sabotage.
- Mismanagement of operations or facilities: Mismanagement that impacts operations could be deliberate (e.g. theft) or could result from not completing critical duties.
- Product issues: Product issues can result from a problem with the product that leads to bad publicity or even a recall, or from a large order that requires reallocation of plant resources.
Process for Assessing Risks
To develop the risk assessment, we first should list out possible events, and then determine their likelihood and impact.
1. Determine Possible Risks
To begin, we need to list out all the possible events that could disrupt operations. So for example, our consulting business might include risks from data loss due to server damage or to employee error, and the risk of a primary consultant unexpectedly quitting mid-project.
2. Determine the Likelihood and Impact of Risks
Some of our risks will regularly impact our operations, and some may be once-in-a-lifetime possibilities. Part of the assessment process is to rank each item, and determine which are the most critical:
- List all possible events that could disrupt operations.
- Give each one an impact-on-operations ranking from 1 to 10, with 1 being minor and 10 being loss of the business.
For example, an explosion at the plant might be a 10, while a fire at a specific machine might be a 3. We might rank both data loss due to server failure and the impact of a primary consultant quitting unexpectedly as a 7.
- Give each one a likelihood ranking based on how frequently you think it might occur. It might be useful to make a chart for this, where 1 = might happen once in 100 years and 10 = might happen once a month.
We might rank the server failure as a 7, since we only expect our servers to last about 3 years. The likelihood of a senior consultant quitting unexpectedly we might only rank as a 3, due to the professionalism of our staff and the fact that they would lose their bonus.
- Multiply the impact on operations ranking by the likelihood ranking to get a total score for each possible event. Our server failure is scored at 7 x 7 = 49, while our primary consultant quitting is scored at 7 x 3 = 21.
3. Rank Possible Risks
Finally, we will use the calculated scores to rank the events in order, from highest to lowest score.
Our current ranked list in our example would be:
- Server failure: 49
- Primary consultant quitting: 21
Once the list of possible risks has been created and ranked, contingency plans will be developed to prevent or mitigate the most serious items identified.
Let’s review all that we’ve learned. A risk assessment determines the most likely impacts so that contingency plans can be developed to prevent or mitigate them. It’s essentially a review and comparative ranking of all situations that might impact the operations of a company. Because of the process of comparative ranking, risk assessments are also really good at determining which potential risks are the most serious to the well-being of a company and its employees and customers. Several potential events need to be addressed in a risk assessment, including natural disasters, crises, personnel issues, data loss or theft, mismanagement, and product issues.
The three steps of developing a risk assessment are:
- Determine the possible risks
- Determine the likelihood and possible impact of the risks
- Rank the risks by severity
We compare the risks by multiplying the anticipated impact rating by the likelihood of occurrence rating for each risk, and then comparing the resulting scores: whichever is higher is the greater risk.
Risk Assessment Overview
|Risk assessment|determines the most likely impacts so that contingency plans can be developed to prevent or mitigate them|
|Disruptive events|natural disasters, crises, personnel issues, data loss, mismanagement of operations or facilities, and product issues|
|Risk assessment process|list all possible events, give each one an impact-on-operations ranking from 1 to 10, give each one a likelihood ranking based on how frequently you think it might occur, and multiply the impact on operations ranking by the likelihood ranking to get a total score for each possible event|
As soon as you complete the lesson, you can assess your ability to:
- Define risk assessment and specify its purpose
- List possible disruptive events to include in a risk assessment
- Outline the process for developing a risk assessment