Analysing and evaluating risks
Once you have identified and created a list of possible risks to your business, you need to analyse and evaluate each one.
The most common way of analysing risks is to use a scale that rates each risk on:
- the likelihood of it occurring
- the consequences of it occurring.
| Level | Likelihood | Description |
|---|---|---|
| 4 | Very likely | Happens more than once a year in this industry |
| 3 | Likely | Happens about once a year in this industry |
| 2 | Unlikely | Happens every 10 years or more in this industry |
| 1 | Very unlikely | Has only happened once in this industry |
| Level | Consequence | Description |
|---|---|---|
| 4 | Severe | Financial losses greater than $50,000 |
| 3 | High | Financial losses between $10,000 and $50,000 |
| 2 | Moderate | Financial losses between $1000 and $10,000 |
| 1 | Low | Financial losses less than $1000 |
Note: The scales above use 4 different levels; however, you can use as many levels as you need. Also use descriptors that suit your purpose (e.g. you might measure consequences in terms of human health, rather than dollar value).
Once you have established the likelihood and consequences of a particular risk, you then need to create a risk rating table for evaluating the risk. Evaluating a risk means making a decision about its severity and ways to manage it.
Use the following formula to calculate risk rating: Likelihood x Consequences = Risk rating
For example, you may decide the likelihood of a fire is 'unlikely' (a score of 2) but the consequences are 'severe' (a score of 4). Using the tables above, a fire therefore has a risk rating of 8 (i.e. 2 x 4 = 8).
| Risk rating | Description | Action |
|---|---|---|
| 12-16 | Severe | Needs immediate corrective action |
| 8-12 | High | Needs corrective action within 1 month |
| 4-8 | Moderate | Needs corrective action within 3 months |
| 1-4 | Low | Does not currently require corrective action |
Your risk evaluation should consider:
- the importance of the activity to your business
- the amount of control you have over the risk
- potential losses to your business
- any benefits or opportunities presented by the risk.
Once you have identified, analysed and evaluated your risks, you need to rank them in order of priority. You can then decide what methods you will use to treat unacceptable risks.
Also consider...
- Find out how you can use the PPRR risk management model to assess risks to your business.
- Consider purchasing Risk management - procedures and guidelines (Standards Australia AS/NZS ISO 31000:2009).
- Read about business continuity planning and how to create a plan to manage after an incident or crisis.
- Learn about how to survive an economic downturn.
- Last reviewed: 18 Jul 2017
- Last updated: 23 Jun 2016
I want to...
Events
- Capability statement workshop: Maroochydore 19/10/2018
- Tendering for Business Workshop: North Lakes 24/10/2018