Risk Management in Software Development Projects

The purpose of risk assessment is to make better decisions about future actions in an uncertain environment; however, much of risk management is about understanding the potential for risks and their consequences, and potential is sometimes difficult to sell to senior managers. For example, when it comes to making value judgements about risks, for some it will not be viable to impose a rationalized approach, whatever its logical benefits. With this in mind, the objective of using the qualitative and quantitative methods outlined in points 2.2 and 3.4 above is to assist the project manager in making decisions about prioritizing risks in terms of severity and potential impact on the project or organization.
To effectively compare identified risks, and to provide a proactive perspective, the method of prioritization should consider three factors:
The probability of the risk occurring
The impact of the risk
The exposure.
To recap from our discussions in Chapter 2, risk is composed of two factors, that is, risk probability and risk impact. Risk impact measures the severity of adverse effects, or the magnitude of a loss, if the risk comes to pass. Deciding how to measure sustained losses is not a trivial matter. If the risk has a financial impact, a dollar value is the preferred way to quantify the magnitude of loss. The financial impact may be long-term costs in operations and support, loss of market share, short-term costs in additional work, or lost opportunity cost.