Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
impact to the organization and a lower probability because these are easier to fix — and fixing a
greater number of open issues in a short amount of time looks better on paper. However, auditors
should recommend that organizations start by addressing those risks that will have the highest
likelihood of occurring and will have the highest impact. This is because by focusing on the low-
impact risks first, the company still remains vulnerable to the high impact risks that can cause
irreparable damage (Edmead, 2008).
In addition, while high impact/high likelihood risks should be a high priority, low impact/high
likelihood risks and high impact/low likelihood risks also may require immediate attention.
Therefore, each risk should be carefully evaluated before determining which risk needs to be
addressed first.
(https://iaonline.theiia.org/understanding-the-risk-management-process)
Following the risk assessment, the organization should be able to list all business risks (prioritized
by those that would have high impact and have a high probability of occurring), and a list of
mitigating control options to address the business risks (Rupert, 2013).
https://perspectives.avalution.com/2013/the-relationship-between-the-business-impact-analysis-
and-risk-assessment/
Page 27
Suggested Citation:"4 Risk Identification and Analysis." National Research Council. 2005. The
Owner's Role in Project Risk Management. Washington, DC: The National Academies Press. doi:
10.17226/11183. ×
Provision for adequate contingencies (safety factors) for budget and schedule (contingencies are
discussed in Chapter 6).
Improvement in the work processes in order to reduce the uncertainties. Prefabrication of major
components to avoid the uncertainties of construction at a job site is one example of changing the
normal process to reduce risks (although in this example the change may also introduce new risks,
such as transportation of the components to the job site; thus the resolution of one risk may give
rise to another).
Low impact/low probability – Risks in the bottom left corner are low level, and you can often
ignore them.
Low impact/high probability – Risks in the top left corner are of moderate importance – if these
things happen, you can cope with them and move on. However, you should try to reduce the
likelihood that they'll occur.
High impact/low probability – Risks in the bottom right corner are of high importance if they do
occur, but they're very unlikely to happen. For these, however, you should do what you can to
reduce the impact they'll have if they do occur, and you should have contingency plans in place
just in case they do.
High impact/high probability – Risks towards the top right corner are of critical importance. These
are your top priorities, and are risks that you must pay close attention to.
(https://www.mindtools.com/pages/article/newPPM_78.htm)
Risk assessment basically involves the calculation of the magnitude of potential consequences
(levels of impacts) and the likelihood (levels of probability) of these consequences to occur (EAF,
). Probability impact matrix is one of the commonly used qualitative methods for risk assessment.
After awarding of the total (scores) for likelihood and impact of risk categories identified by the
risk manager or project team members will proceed to multiplying the two variables. The result of
this operation will expunge degree of risk.
According to The IIA, risk is defined as the possibility that an event will occur, which will impact
an organization's achievement of objectives (The Professional Practices Framework 2004).