Risk Analysis / Audit

Evaluating & Managing Risks


Whatever your role, it’s likely that you’ll need to make a decision that involves an element of risk at some point.  Risk is made up of two parts: the probability of something going wrong, and the negative consequences if it does.

Risk can be hard to spot, however, let alone prepare for and manage. And, if you’re hit by a consequence that you hadn’t planned for, costs, time, and reputations could be on the line.

Risk Analysis / Audit is an essential tool that can help you identify and understand the risks that you could face in your role. In turn, this helps you manage these risks, and minimize their impact on your plans.  GPG helps you evaluate and prioritize risks  in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.

GPG provides guidance and tools for companies and organizations that want to ensure that their products and services consistently meet customers' requirements. The objective of our risk analysis/audit is to ensure that uncertainty does not deflect the endeavor from its business goals.


What Is A Risk Analysis / Audit?

Risk Analysis is a process that helps you identify and manage potential problems that could undermine key business initiatives or projects.

To carry out a Risk Analysis, you must first identify the possible threats that you face, and then estimate the likelihood that these threats will materialize.

Risk Analysis can be complex, as you’ll need to draw on detailed information such as project plans, financial data, security protocols, marketing forecasts, and other relevant information. However, it’s an essential planning tool, and one that could save time, money, and reputations.


Quantitative Risk Analysis

Quantitative risk analysis seeks to numerically assess probabilities for the potential consequences of risk, and is often called probabilistic risk analysis or Probabilistic Risk Assessment (PRA). The analysis often seeks to describe the consequences in numerical units such as dollars, time, or lives lost. PRA often seeks to answer three questions:

  1. What can happen? (i.e., what can go wrong?)
  2. How likely is it that it will happen?
  3. If it does happen, what are the consequences?

Thus, risk $R$ can be described as a set of triplets, $R = \{\langle s_i, p_i, c_i \rangle\}$, $i = 1, 2, \ldots, N$, where $s_i$ is scenario $i$, $p_i$ is the probability of scenario $i$, $c_i$ are the consequences if scenario $i$ occurs, and $N$ is the total number of scenarios. This type of analysis typically results in a probability distribution over the consequences.

Although actuarial science has used probabilities to measure risk for more than a hundred years, PRA as a specific mode of inquiry was initially developed to analyze engineering risks such as nuclear power plants and the space shuttle.  More recently, it has also been applied to other areas, such as business, climate change, health risks, food safety and security. Especially with the increasing importance of terrorism, game theory has become a quantitative tool to analyze the risks of intelligent adversaries who seek to do harm against a system or people. These game-theoretic techniques may be probabilistic or deterministic.


Qualitative Risk Assessment

Qualitative risk assessment, in absence of precise values for likelihood and consequences, assigns relative and broad classifications to the likelihood and consequences for each risk and does not build a precise mathematical model of risk as suggested by PRA. A common qualitative model is the risk matrix, which cross-references classifications of likelihood of occurrence with classifications of severity of consequences of occurrence to determine a broad classification of risk level, under the general principle that greater probability and greater severity each imply greater risk.

Qualitative, pseudo-quantitative, or scoring methods have been heavily criticized because they do not obey mathematical rules and may not correctly rank risks.  They have the appearance of being rigorous but provide a false sense of security to those organizations that rely on them to manage risks.  Undertaking a full quantitative approach provides a more rigorous analysis and a better foundation for making good risk management decisions than relying on pseudo-quantitative methods.
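
The triplet model and the ranking problem described above, worked through as an added example (it is not GPG's own tooling): three scenarios are ranked by expected loss and by a likelihood-times-severity matrix score, and the exact distribution of total loss is computed. The scenario names, probabilities, dollar figures and matrix band edges are constructed for illustration, and the scenarios are assumed to occur independently.

```python
from bisect import bisect_right
from itertools import product

# Constructed sample register: (scenario s_i, annual probability p_i, consequence c_i in dollars).
SCENARIOS = [
    ("account takeover", 0.45, 90_000),
    ("ransomware outage", 0.06, 900_000),
    ("datacentre loss", 0.012, 9_000_000),
]

# Assumed band edges for a 5x5 risk matrix; real matrices choose their own.
LIKELIHOOD_EDGES = [0.01, 0.05, 0.20, 0.50]
SEVERITY_EDGES = [10_000, 100_000, 1_000_000, 10_000_000]


def expected_loss(p, c):
    return p * c


def matrix_score(p, c):
    """Likelihood band (1-5) times severity band (1-5)."""
    return (1 + bisect_right(LIKELIHOOD_EDGES, p)) * (1 + bisect_right(SEVERITY_EDGES, c))


def rank(scenarios, key):
    """Scenario names, highest risk first; ties keep register order."""
    return [s for s, _, _ in sorted(scenarios, key=lambda t: -key(t[1], t[2]))]


def loss_distribution(scenarios):
    """Exact distribution of total loss, assuming scenarios occur independently."""
    dist = {}
    for outcome in product((0, 1), repeat=len(scenarios)):
        prob, loss = 1.0, 0
        for hit, (_, p, c) in zip(outcome, scenarios):
            prob *= p if hit else 1 - p
            loss += c if hit else 0
        dist[loss] = dist.get(loss, 0.0) + prob
    return dist


def exceedance(dist, threshold):
    """P(total loss >= threshold)."""
    return sum(prob for loss, prob in dist.items() if loss >= threshold)


if __name__ == "__main__":
    print("by expected loss:", rank(SCENARIOS, expected_loss))
    print("by matrix score: ", rank(SCENARIOS, matrix_score))
    dist = loss_distribution(SCENARIOS)
    for x in (90_000, 900_000, 9_000_000):
        print(f"P(loss >= {x:>9,}) = {exceedance(dist, x):.4f}")
```

With these inputs the matrix places the scenario with the largest expected loss in a tie for last place, which is the mis-ranking the criticism of scoring methods refers to.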


When to Use Risk Analysis

Risk analysis is useful in many situations:

  • When you’re planning projects, to help you anticipate and neutralize possible problems.
  • When you’re deciding whether or not to move forward with a project.
  • When you’re improving safety and managing potential risks in the workplace.
  • When you’re preparing for events such as equipment or technology failure, theft, staff sickness, or natural disasters.
  • When you’re planning for changes in your environment, such as new competitors coming into the market, or changes to government policy.