Scribd
Upload
344 views15 pages

BSR 654 Risk Analysis: Management

This document discusses risk analysis, which involves identifying risks, assessing their potential impact, and prioritizing the most problematic risks. It outlines the key steps in the risk analysis process: 1) identifying potential threats, 2) quantitatively and qualitatively analyzing identified risks, 3) determining the probability and impact of each risk, and 4) developing contingency plans. The document provides examples of how to classify and prioritize risks based on their probability, impact, and timeframe. The overall goal of risk analysis is to minimize future risk and develop effective mitigation strategies.

Uploaded by

Siti Nurhaslinda Bt Zakaria
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
344 views15 pages

BSR 654 Risk Analysis: Management

This document discusses risk analysis, which involves identifying risks, assessing their potential impact, and prioritizing the most problematic risks. It outlines the key steps in the risk analysis process: 1) identifying potential threats, 2) quantitatively and qualitatively analyzing identified risks, 3) determining the probability and impact of each risk, and 4) developing contingency plans. The document provides examples of how to classify and prioritize risks based on their probability, impact, and timeframe. The overall goal of risk analysis is to minimize future risk and develop effective mitigation strategies.

Uploaded by

Siti Nurhaslinda Bt Zakaria
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

RISK

MANAGEMENT
BSR 654

Lecture 3:
RISK ANALYSIS

By:
Sr Dr Mohd Fadzil Yasin
Introduction
• Risk analysis is the review of the risks associated with a
particular event or action.
• It is applied to projects, information technology, security
issues and any action where risks may be analyzed on a
quantitative and qualitative basis.
• Risk analysis is a component of risk management.
• Risks are part of every IT project and business endeavour. As
such, risk analysis should occur on a recurring basis and be
updated to accommodate new potential threats.
• Strategic risk analysis minimizes future risk probability and
damages.
Activities
Risk analysis is essentially a problem-seeking activity. It
Involves :
 identifying the sources of risk applicable to the
Project;

 assessing their probable impact on the project; and

 creating a “short list” of the more problematic


sources of risk in need of a specific response.
Risk Analysis Process
• Risk analysis involves examining how project
outcomes and objectives might change due to
the impact of the risk event.

• Once the risks are identified, they are analysed to


identify the qualitative and quantitative
impact of the risk on the project, so that
appropriate steps can be taken to mitigate them.
The following guidelines are used to analyse risks.
Risk Analysis Process
FOR EXAMPLE:
Risks are associated with individuals using a computer either incorrectly or inappropriately,
which creates security risks. Risks are also related to projects that are not completed in a
timely manner, resulting insignificant/huge costs.

THE STRATEGY:
• First STEP, potential threats are identified
• Next STEP, quantitative and/or qualitative risk analysis is applied to study identified risks.
• QUANTITATIVE risk analysis measures expected risk probability to forecast estimated
financial losses from potential risks.
• QUALITATIVE risk analysis usually does not use empirical data (numbers), but review
threats, determines and establishes risk mitigation methods and solutions, through written
report.
• A CONTINGENCY PLAN may be used during risk analysis. If a risk is presented,
contingency plans help minimize damage.
Risk Analysis Process
[Link] OF RISK OCCURRENCE
• High probability – (80 % ≤ x ≤ 100%)
• Medium-high probability – (60 % ≤ x < 80%)
• Medium-Low probability – (30 % ≤ x < 60%)
• Low probability - ( 0 % < x < 30%)

[Link] IMPACT
• High – Catastrophic / Bencana (Rating A – 100)
• Medium – Critical (Rating B – 50)
• Low – Marginal (Rating C – 10)
Example of Project Risk Dichotomy
Main view Alternative view
1 Financial Non- Financial
2 Human Non - human
3 Within control Beyond control
4 Internal External
5 Quantified Non quantified
Assessment cycle
As a guideline for Impact Classification the following
matrix is used:
Impact Classification Guidelines
The score represents bottom thresholds for the classification
of risks assuming “normal” conditions. An upgrade of the
score to the next or even next + 1 level is necessary, if the
risk is impacted by critical factors such as:
• How important the specific customer is
• Whether the project is critical for the further development
of the relationship with the customer
• The risk is already in the focus of the customer
• Specific penalties for deviations from project targets are
agreed in the contract with the customer
Risk Exposure
Risk Exposure or Risk Score is the value determined by multiplying the Impact
Rating with Risk Probability as shown below:-

Impact-Probability Matrix
The colours represent the urgency of risk response planning and determine
reporting levels.
Risk Occurrence Timeframe
The timeframe in which this risk will have an impact
is identified.
This is classified into one of the following:
In addition to classifying
risks according to the above
guidelines, it is also
necessary to describe the
impact on cost,
schedule, scope, and
quality in as much detail
as possible based on the
nature of the risk.
Risk Classification (examples)
Risk Analysis Outcomes
• Decision making & problem solving
• Mitigation Plan
• Risk Avoidance
• Absorb & Control Plan
Thank you

You might also like