Analysing and evaluating risks

Once you have identified and created a list of possible risks to your business, you need to analyse and evaluate each one.

The most common way of analysing risks is to use a scale that rates each risk on:

  • the likelihood of it occurring
  • the consequences of it occurring.
Likelihood scale example
LevelLikelihoodDescription
4Very likelyHappens more than once a year in this industry
3LikelyHappens about once a year in this industry
2UnlikelyHappens every 10 years or more in this industry
1Very unlikelyHas only happened once in this industry
Consequences scale example
LevelConsequenceDescription
4SevereFinancial losses greater than $50,000
3HighFinancial losses between $10,000 and $50,000
2ModerateFinancial losses between $1000 and $10,000
1LowFinancial losses less than $1000

Note: The scales above use 4 different levels; however, you can use as many levels as you need. Also use descriptors that suit your purpose (e.g. you might measure consequences in terms of human health, rather than dollar value).

Once you have established the likelihood and consequences of a particular risk, you then need to create a risk rating table for evaluating the risk. Evaluating a risk means making a decision about its severity and ways to manage it.

Use the following formula to calculate risk rating: Likelihood x Consequences = Risk rating

For example, you may decide the likelihood of a fire is 'unlikely' (a score of 2) but the consequences are 'severe' (a score of 4). Using the tables above, a fire therefore has a risk rating of 8 (i.e. 2 x 4 = 8).

Risk rating table example
Risk ratingDescriptionAction
12-16SevereNeeds immediate corrective action
8-12HighNeeds corrective action within 1 month
4-8ModerateNeeds corrective action within 3 months
1-4LowDoes not currently require corrective action

Your risk evaluation should consider:

  • the importance of the activity to your business
  • the amount of control you have over the risk
  • potential losses to your business
  • any benefits or opportunities presented by the risk.

Once you have identified, analysed and evaluated your risks, you need to rank them in order of priority. You can then decide what methods you will use to treat unacceptable risks.

Also consider...