How to Use Risk Analysis

The foundation of carrying out a risk analysis / audit:

 

Identify Threats:  The first step in Risk Analysis is to identify the existing and possible threats that you might face. These can come from many different sources. For instance, they could be:

  • Human – Illness, death, injury, or other loss of a key individual.
  • Operational – Disruption to supplies and operations, loss of access to essential assets, or failures in distribution.
  • Reputational – Loss of customer or employee confidence, or damage to market reputation.
  • Procedural – Failures of accountability, internal systems, or controls, or from fraud.
  • Project – Going over budget, taking too long on key tasks, or experiencing issues with product or service quality.
  • Financial – Business failure, stock market fluctuations, interest rate changes, or non-availability of funding.
  • Technical – Advances in technology, or from technical failure.
  • Natural – Weather, natural disasters, or disease.
  • Political – Changes in tax, public opinion, government policy, or foreign influence.
  • Structural – Dangerous chemicals, poor lighting, falling boxes, or any situation where staff, products, or technology can be harmed.

 

You can use a number of different approaches to carry out a thorough analysis:

  • Run through a list such as the one above to see if any of these threats are relevant.
  • Think about the systems, processes, or structures that you use, and analyze risks to any part of these. What vulnerabilities can you spot within them?
  • Ask others who might have different perspectives. If you’re leading a team, ask for input from your people, and consult others in your organization, or those who have run similar projects.

Tools such as a SWOT Analysis (Harvard Model), an FMEA, can also help you uncover threats, while a Scenario Analysis helps you explore possible future threats.

 

Estimate Risk:  Once you’ve identified the threats you’re facing, you need to calculate out both the likelihood of these threats being realized, and their possible impact.  One way of doing this is to make your best estimate of the probability of the event occurring, and then to multiply this by the amount it will cost you to set things right if it happens. This gives you a value for the risk:

Risk Value = Probability of Event x Cost of Event

As a simple example, imagine that you’ve identified a risk that your rent may increase substantially.

You think that there’s an 80 percent chance of this happening within the next year, because your landlord has recently increased rents for other businesses. If this happens, it will cost your business an extra $500,000 over the next year.

So the risk value of the rent increase is:

0.80 (Probability of Event) x $500,000 (Cost of Event) = $400,000 (Risk Value)

You can also use a Risk Impact / Probability Chart to assess risk. This will help you to identify which risks you need to focus on.  Don’t rush this step. Gather as much information as you can so that you can accurately estimate the probability of an event occurring, and the associated costs. Use past data as a guide if you don’t have an accurate means of forecasting.