EVALUATION OF RISK Risk identification, evaluation and consideration to curb risk are generally a simultaneous process

in practice ..

Risk - arising out of :

Complexity : Difficulty of identifying & quantifying Causal Links. Uncertainty: Indeterminacy.

Ambiguity : Variability of interpretation of observation & data assessments .

Why to evaluate Risk

Purpose of prioritisation in handling Risk: To assess budgetary restrictions in handling risk: To assess frequency and severity of Risk: To decide the premium against risk coverage :

prioritisation in handling Risk:

Methods of Evaluating Risk SUBJECTIVE METHOD QUALITATIVE IN NATURE :

Individual or group who are conversant with the system to provide opinions on the riskiness of a particular situation are asked about riskiness without resorting to past data.

OBJECTIVE METHODS QUANTITATIVE IN NATURE :

Quantitative methods rely on the examination of past data and assume that this can be projected into the future to establish a means of measurement of the risk concerned.

1 - QUANTITATIVE METHODS OF EVALUATING RISK

FREQUENCY :

The probability of a risk occurring involves its relative frequency that ranges between two certainties i.e., 0 and 1.

The closer to one the more likely a risky situation is to occur whilst the closer to zero the less likely.

zero indicates that the loss is impossible. one represents that loss will certainly occur.
The relative frequency of an event is calculated from past data [Valid & Authentic] that has been adjusted to take into account any changes that have occurred in the environment.

Problems Associated with Assessing Probability The validity of Data : Dynamic Situation A change in environment be adjusted while computing relative frequency. There are a number of problems involved in using this method in addition to the validity of the data. Example Flight crash ; Take off or Air born ? Data related to actual exposure of risky circumstances:

Record of damage.
Event Exposing Risk of Loss A B C D E F

Value 0 >0 < 1,000 >1000 <2000 >2000 <3000 >3000 <4000 >4000<5000 Total

Occurrence

Probablity

970/1000 20/1000 3/1000 5/1000 1/1000 1/1000

0.97 0.02 0.003 0.005 0.001 0.001

1

2 - QUANTITATIVE METHODS OF EVALUATING RISK SEVERITY:

Severity involves the extent of the possible loss, how much damage has been caused by the event of interest.

Damages awarded in a court of law could be used as a basis although these are uncertain.

Questions concerning whether the market price of the actual item concerned is to be used or its replacement value have to be considered. Furthermore, values change over time and this will also have to be taken into account.

Record of damage.
Event Exposing Risk of Loss A B C D E F

Value 0 >0 < 1,000 >1000 <2000 >2000 <3000 >3000 <4000 >4000<5000 Total

Occurrence

Probablity

970/1000 20/1000 3/1000 5/1000 1/1000 1/1000

0.97 0.02 0.003 0.005 0.001 0.001

1

3 - QUANTITATIVE METHODS OF EVALUATING RISK

EXPECTED VALUE : This takes into account both the severity and
frequency of a particular occurrence.
Probability x Assessed Damage Value : [example-probability of a fire occurring during a particular year may be 0.01 and the damage arising is calculated at Rs. 10,000/- the expected loss is 0.01 x 10,000 giving an expected value of Rs. 100/ This means that on average, in the long run, the organisation can expect, per unit of exposure, an expected loss of Rs. 75.5 per annum. Expected value calculation
Value 0 >0 < 1,000 >1000 <2000 >2000 <3000 >3000 <4000 >4000<5000 Total Mid-point 0 500 1500 2500 3500 4500 Probability 0.97 0.02 0.003 0.005 0.001 0.001 1 Probability x mid point 0.0 10.0 45.0 12.5 3.5 4.5 75.5

4 - QUANTITATIVE METHODS OF EVALUATING RISK STANDARD DEVIATION: The concept of the standard deviation can be
used in some cases where the expected loss could turn out to be the same or similar although the raw figures are quite different.
This is the average difference between the basic data and the expected loss. The standard deviation is calculated by squaring the mid-point of the range of values and multiplying this by the probability of the event occurring and deducting this from the expected value which has been squared.

Value

Mid-point

Probability

Probability x Square-of Probability x mid-point mid-point 0 20 30 12.5 10.5 4.5 77.5 0 400 900 156.25 110.25 20.25 Total Variance Standard deviation

Expected value squared [(77.5)*(77.5)] 6006.25 6006.25 6006.25 6006.25 6006.25 6006.25

Difference

0 >0 <10000 >10000<20000 >20000<30000 >30000<40000 >40000<50000

0 5000 15000 25000 35000 45000

0.999931 0.004 0.002 0.0005 0.0003 0.0001 1

6006.25 5606.25 5106.25 5850 5896 5986 34450.75 185.609132

QUALITATIVE RISK ASSESSMENT

A method that has been applied successfully to use a scoring mechanism for both severity and frequency. Each risk is scored between 1 and 5 for severity and frequency, five representing the highest and one the lowest.

Frequency of risk Assessment

Factor 1 2 3 4 5 Possible frequency of occurrence Happens in excess of once every 50 years Happens in excess of every 5 years but less than 50 years

Happens less than once a year but more than once every five years
Happens more than once a year but less than once a week Happens more than once a week

QUALITATIVE RISK ASSESSMENT : SEVERITY ASSESSMENT -

QUALITATIVE RISK ASSESSMENT

Frequency of risk Severity of Risk
Evaluated Riskiness
Factor Product of Frequency & Severity 1

Factor

Possible frequency of occurrence

Affect on Objectives

Happens in excess of once every 50 years Happens in excess of every 5 years but less than 50 years

Does not affect objectives Reduces the possibility of achieving the organisational objectives by 25% Reduce the possibility of achieving the organisational objectives by 50% Reduces the possibility of achieving organisational objectives by 75% Reduces the possibility of achieving organisational objectives by 100%

Happens less than once a year but more than once every five years Happens more than once a year but less than once a week Happens more than once a week

16

25

Inclusion of Cost Consideration :

The cost of implementing loss control work in order to reduce risk is included in estimation of Risk by
Assigning numbers one to five. Low cost is one and high cost is five. Dividing the risk factor by the cost giving a costed risk factor {Costed risk factor (S*F/C)}.
[Example- if a risk has a severity of five, a frequency of two and a cost of three then the risk factor is five multiplied by two giving ten. This is divided by three giving three point three. This can be compared with a risk that has a severity of three and a frequency of two with a cost of one giving a risk factor of six and a costed risk factor of six.]

Finalizing Evaluation of Risk Hierarchy of Risk

Work/Task to be done

Frequenc Severity Cost Factor y Cost of Control

Cost Control Scale

Costed risk Number Accumulate factor of risks d cost (S*F/C)

(S) A 4 3 2

(F) 5 4 4

(C) 1 2 3
Less than 5,000 Between 5,000 and

1 2 3

20 6 2.7

1 2 1

5,000 55,000 105,000

B C

25,000
Between 25,000 and 50,000

Cost Control Limit

D E 1 5 3 1 2 5
Between 25,000 and 100,000 More than 100,000

4 5

1.5 1

2 1

155,000 255,000