Risk assessment matrix
- 1 Risk Assessment Introduction
- 2 Types of Risk Assessment
- 3 Risk Assessment Matrix
- 4 Risk Assessment Matrix Tutorial
Risk Assessment Introduction
Risk assessment is the process of risk analysis and risk evaluation. The concept of risk is defined as the probability and severity that a hazard will occur, where a hazard is defined as a condition with the potential for causing an undesirable consequence. A risk analysis is performed as a quantitative evaluation of the risk of an activity.
Risk assessment is performed in safety engineering, reliability engineering, and environmental engineering. It is a key part of any engineering project, both large and small scale. Common risk assessment is performed using a risk matrix, a tool used to determine the severity and probability of an accident independently from one another. Criteria for information to be analyzed using a Risk Matrix model (State, 2004):
- Identify their most important (critical) processes and functions
- Identify threats most likely to impact those processes and functions
- Determine the vulnerability of critical functions and processes to those threats
- Prioritize deployment of personnel and resources in order to maintain continuous operation of critical functions and processes.
There are several key principals required to yield meaningful results from risk assessments. The first is to establish governance over the risk assessment process to maintain proper commitment and necessary resources. This prevents the risk assessment from becoming out of focus. Similarly, a risk assessment must begin and end with specific objectives. Defining these objectives keeps the scope of the assessment in check, as well as preventing too much risk from being deemed acceptable. Management or team leaders must form a view of risks that support decision making, as opposed to preventing it. This change in views is very important in preventing a negative approach to ideas. This type of approach can cripple a project as risks are considered before ideas are, and can result in a lack of progress. The final key principle is the idea of using leading indicators to provide insight into potential risks. This principle may seem obvious, but its importance cannot be overstated. Proper research and using historical data and events to determine the level of risk is very important in determining proper risk significance and probability. This process is key in achieving an accurate level of risk.
Risk assessment comes with a unique set of challenges that can hinder its usefulness for a project. The most common of these challenges are as follows:
- Risk assessment is viewed as limited value, episodic process. This challenge prevents risk assessment from being a consistent contributor to decision making, instead being used irregularly throughout the project’s life.
- Failure to properly interpret and use the data gathered for a risk assessment. This failure will result in an assessment that is inaccurate, with too little or too much risk assigned.
- Too many risk assessments being performed. This problem can cause a very complex and confusing risk assessment process. To prevent this issue, using a consistent risk assessment process is very important, as is avoiding too many different categories for the risk analysis.
- Relying too heavily on risk assessment. While risk assessment can provide insight into the risks associated with a project, unanticipated problems can always occur. Additionally, risk assessment relies on probability to determine the chances of an incident occurring. Therefore, risk assessment cannot be considered to be the last chance at preventing incidents or failures.
Types of Risk Assessment
Risk assessment can therefore be conducted at various levels of the organization. The objectives and events under consideration determine the scope of the risk assessment to be undertaken. Examples of frequently performed risk assessments include:
Risk associated with the loss from activities such as design, engineering, manufacturing, technological processes and test procedures. (Dictionary, 2015) Technical risk addresses project level concerns and provides the detailed assessment of the technical risks and issues associated with each option in the capability proposal. The primary purpose of the technical risk assessment is to inform stakeholders of these risks and issues and assist the project in the development of effective risk treatments and issue resolution strategies. At this stage, a significant proportion of the technical risks may relate to insufficient technical information. (Division, 2010)
In recent years, increased regulatory requirements have forced businesses to expend significant resources to address risk, and shareholders in turn have begun to scrutinize whether businesses have the right controls in place. The increased demand for transparency around risk has not always been met or met in a timely manner, however—as evidenced by the financial market crisis, where the poor quality of underlying assets significantly impacted the value of investments. In the current global economic environment, identifying, managing, and exploiting risk across an organization has become increasingly important to the success and longevity of any business. (HouseCoopers, 2008) Evaluation of risks related to initial capital investment of the organization through input from various parties such as the World Bank, financial institutions, and stakeholders. This evaluation, typically performed by the finance function, considers the characteristics of the financial reporting elements (e.g. the effectiveness of the key controls (e.g., likelihood that a control might fail to operate as intended, and the resultant impact). (HouseCoopers, 2008) Mining projects are one of the world leaders in capital-intensive projects, and without capital investments would not be able to be undertaken. Capital is required throughout all stages of mine planning, mine design and mine reclamation. (Darling, 2011)
Social risk assessment is used to determine the risk that a certain action will negatively impact the company’s or project’s social status with any communities. This negative impact is caused by anything the project can cause that will result in a decreased quality of life for surrounding populations, either financially or otherwise. This type of assessment is very unique to each project, and therefore using historical data may not accurately reflect any similar risks taken for the project.
Environmental risk assessment has been an important process for many years. This type of assessment has several components. Determining the type of environment the risk impacts is the first step, as a risk can affect humans, animals, plants, or natural resources. The next step is to determine how the risk affects its environment. This can be caused by an impact on health, through disruption of the natural environment, or any other means that reduce the quality of resources or life in the area. The final step is to determine whether the risk will have lasting effects or damage. This process allows for a thorough determination of the severity and probability of adverse effects on the environment.
Safety risk assessment deals with the process of determining the risk associated with any action that may put the health of any project worker in jeopardy. This type of risk assessment is very important, as the identification of all safety risks are essential to prevent injury. The process for performing a safety risk assessment is very standard, as the severity and probability of identified injuries are estimated and a risk assessment matrix is used. However, since the health of workers is being analyzed, the level risk is determined much more strictly than other risk assessments.
Forecasting metal prices is one of the most difficult tasks associated with project evaluation and design. The risk associated with the metal price is due to the fluctuations in price over the life of mine period. The metal prices and the revenue are the most sensitive elements when conducting a sensitivity analysis on the net present value of a project. (Darling, 2011)
As the Canadian dollar continues to drop against the U.S. dollar, the profit margins of the project will improve because the cost of production declines in dollar terms . (Darling, 2011)
Risk Assessment Matrix
Consequences of risks as laid down in the grid use descriptive words and are ranked according to severity: Insignificant, Moderate, Critical, and Catastrophic. Insignificant risks are the least severe and would be assigned the lowest rank. Inversely, catastrophic risks are those that would be first in the severity ranking. Determine tolerance by assigning dollar values to each severity ranking, as well as some qualitative characteristics of the consequence being described. (ExecutiveBrief, 2008)
Risk Assessment Matrix Tutorial
Risk Matrix Tutorial Video
Advantages of a risk matrix
- A quick way to graphically recognize the issues of the risk
- The severity of the hazard and the frequency to be evaluated independently from one another
- Estimation of probability are not needed
The actual determination of each space is determined prior to the assessment being completed, and varies from project to project. It is not unusual to see the Catastrophic – Improbable space be considered an unacceptable risk, as the consequence of such a hazard would be tragic for the project.
Disadvantages of a risk matrix
- Lack of depth to the tool
- The consequence of human error in the determination of the matrix
The lack of depth is an issue because should the tool be used as the only method of risk evaluation, the intricacies of the hazard could be oversimplified. For this reason, the matrix is a tool that should be used as an overview or preliminary measure in risk assessment.
The consequence of human error that could cause an issue with a risk assessment usually comes from judging spaces on the matrix inappropriately. While the axes will often have quantitative values associated with them, such as a percent chance of occurring or a set financial loss, the spaces are reliant on the judgment of the user.Therefore, some human error can be a factor in the overall risk assessment.