Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Risk Management: Defining Risk Scales

Understanding and quantifying risk is essential to the success and resilience of any project or business. The foundational elements of risk—probability and impact—are the cornerstones upon which you conduct risk assessments. However, these assessments will lead to confusion and misinterpretation without a shared understanding of the scales used. This article explores the process of defining risk scales to ensure clarity, consistency, and effectiveness.

The Problem of Ambiguity

At its core, risk is defined as an uncertainty that, if it occurs, would affect one or more objectives. This definition encapsulates two critical dimensions: the likelihood of the event happening (probability) and the potential consequences (impact). Risks are typically categorized using descriptive labels such as High, Low, Negligible, and Catastrophic. It is common, though not mandatory, to have five categories each for probability and impact, resulting in a five-by-five risk matrix. 

In practice, this method is used without precision, leading to significant misunderstandings. For instance, a "Low probability" risk classification could mean a one-in-a-thousand chance event to someone, while another person believes it simply means a less than 50% likelihood. The problem with such ambiguous classifications seems obvious, but many companies use them in this naive, unqualified manner.  

The solution lies in defining specific scales for probability and impact tailored to each unique situation. This standardization ensures that all risk assessments within a given context (whether a project or organization) adhere to the same criteria, eliminating the guesswork and variability in interpretation. For example, a project team might agree that "Low probability" corresponds to a 10-30% chance of occurrence, while "High impact" signifies a delay of over 12 months or a cost increase exceeding $100,000. 

Defining the Probability Scale

Defining probability is generally straightforward and involves dividing the 1-99% probability range into distinct categories. A typical practice is to segment the 1-99% range into evenly distributed categories. For example, a standard five-category probability scale might include the following divisions:

  • Very Low: 1-20%
  • Low: 21-40%
  • Medium: 41-60%
  • High: 61-80%
  • Very High: 81-99%

In this example, if a project faces a risk with a 30% chance of occurrence, it would be assessed as "Low probability." 

Defining the Impact Scale

Quantifying impact presents a more significant challenge, as it requires evaluating what constitutes a tolerable versus intolerable outcome. Such assessments will vary by organization and reflect its size, culture, risk appetite, and goals. A $10,000 budget blowout might be disastrous in a small business but negligible in a large government department. The responsibility for defining these scales typically falls to those with the most at stake—the project sponsor or the manager in charge of the relevant business unit. 

Organizations most commonly express risk impact in terms of cost or time. Other objectives can be affected by risk (such as reputation and quality), but these are sometimes more challenging to quantify. You begin by identifying the level at which the impact is utterly intolerable--this becomes your highest impact category. Next, define the point at which the impact is negligible, which becomes your lowest category. Filling out the intervening categories is usually straightforward. 

Here is a detailed example using project cost as our metric. We begin by identifying a cost overrun so substantial that it endangers the project's viability. In this case, the project sponsor says a 30% cost overrun would lead to project cancellation, and we label this a "Catastrophic" impact.  

Conversely, the "Negligible" impact category is a minor cost that the project can absorb without adjusting its financial strategy or overall objectives. The sponsor defines these as cost overruns of up to 1% of the project's budget. With the extreme thresholds established, we fill in the intermediate categories. Here is the complete scale:

  • Negligible Impact: Cost overruns within this category are so minor that the project can absorb them without financial adjustment. These are increases up to 1% of the original project budget. 
  • Low Impact: Cost overruns in this category are manageable within the project's contingency budget, constituting increases of 1% to 5% over the original budget. 
  • Medium Impact: This category encompasses cost overruns that necessitate a thorough review and possible adjustments to the project's budget or scope. We define them as increases from 5% to 15% of the project's budget. 
  • High Impact: This category represents severe financial strain and includes cost overruns ranging from 15% to 30% of the original budget. 
  • Catastrophic Impact: Cost overruns in this category exceed 30% of the project's budget, posing a critical threat to the project's viability.

You can construct such scales for other objectives, such as time, performance, or quality.

Risk Register by ProjectBalm

Defining risk scales is much easier with an appropriate tool. This is one reason we created Risk Register by ProjectBalm.

Our goal was to automate best practice risk management techniques, and do so via an elegant, usable interface that works with you, and not against you. Risk Register will help you to identify, analyse, treat and monitor risks more easily and effectively than ever before.

If you are experienced at risk management, you will find in Risk Register a tool that works the way you want it to work. If you are new to risk management, our documentation and videos will take you through the whole risk management process, giving lots of useful examples.

Risk Register is fully compatible with risk management standards such as ISO 31000, and can also be used for governance, risk, and compliance (GRC) programs such as Sarbanes-Oxley and PCI. And, of course, Risk Register allows you to easily distinguish between opportunities and threats.

ops and risks.PNG

Over the last few years, we've grown to become the most popular risk management solution in the Jira marketplace and we are now an Atlassian Platinum Partner. Why not try out Risk Register by ProjectBalm for yourself?

0 comments

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events