Upper Rating Probability Thresholds

Because risk to business objectives comes from unexpected events outside of “business as usual”, we may desire more granularity in differentiating between Possible, Unlikely and Rare events than for Likely and Frequent.

Definition of consequence

§ Consequence refers to the extent to which a risk event might affect the enterprise.
§ Consequence assessment criteria may include financial, reputational, regulatory, health, safety, security, environmental, employee, customer, and operational impacts.
§ Organizations typically define consequence using a combination of these types of impact considerations to aid consistent application of risk assessment across different risk types.

Factors to consider in the design of the consequence scale

§ The scales used to represent the extent of consequences must be designed carefully. If not, then either the level of risk is not assessed properly or incorrect choices are made to accept or treat the risks.
§ For each outcome decide a meaningful measure (quantitative or qualitative) that reflects the degree of success in achieving the underlying objective.
§ Express the measure on a scale. These are then used to express consequences. The graduation of the scales should reflect the nature of the objective and the tolerance for variation in that outcome.
§ To accommodate uncertainties in the measurement of consequence, consider expressing impacts as a range rather than a single value.

Necessary attributes of a consequence scale

1. The range of the scale includes the upper values that could possibly occur. It should at least represent a level considered extreme for the organization, defined as an outcome where radical action would be taken that would involve closure or substantial change to the organization.
2. The lower end corresponds to the limit of materiality.
3. The granularity (i.e. the number of steps and the interval between steps) of the scale is:
   - finest at the point where the consequences from most events are expected to occur
   - precise enough to discriminate between acceptable and unacceptable levels of risk
   - useful in determining which treatments should be implemented.

§ Consequently, ratings may not be evenly interpolated.

Illustration of consequence scale

Impacts considered by different measures:
§ Financial loss
§ Reputation damage
§ Regulatory reporting
§ Safety
§ Employee Engagement

Choice of scale type affects ability to combine likelihood and severity

§ Nominal is purely descriptive. It is of limited use, as no mathematical or ranking operation can be performed.
§ Ordinal (e.g. High, Medium, Low) permits ranking, but adding risks is arbitrary and, importantly, ordinal scales of likelihood and consequence cannot be combined quantitatively. Qualitative judgment is needed.
§ Ratio is a fixed interval scale with a zero end point. It is the most useful because mathematical operations (summing) and cross multiplying of likelihood and consequence can occur.

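The following is an added example, not part of the original slides, showing why ordinal likelihood and consequence ratings cannot be multiplied meaningfully while ratio-scale values can. The band thresholds, the three risks and their probabilities and losses are constructed assumptions for illustration.

```python
from bisect import bisect_right

# Constructed band edges (assumptions, not from the slides).
# Likelihood is an annual probability, consequence is a loss in dollars.
LIKELIHOOD_EDGES = [0.01, 0.05, 0.20, 0.50]   # Rare|Unlikely|Possible|Likely|Frequent
CONSEQUENCE_EDGES = [1e5, 1e6, 1e7, 1e8]      # five bands, lowest to Extreme

# Constructed risk register: name -> (annual probability, loss if it occurs).
RISKS = {
    "outage":   (0.60,  5e5),   # Frequent, band 2
    "fine":     (0.10,  8e5),   # Possible, band 2
    "disaster": (0.005, 5e8),   # Rare, band 5
}

def rating(value, edges):
    """Ordinal rating 1..5: position of the band that contains value."""
    return bisect_right(edges, value) + 1

def rank_by_expected_loss(risks):
    """Ratio scales: probability x loss is a real quantity and can be ranked."""
    return sorted(risks, key=lambda n: risks[n][0] * risks[n][1], reverse=True)

def rank_by_ordinal_product(risks, labels=(1, 2, 3, 4, 5)):
    """Rank by the product of ordinal labels. Any increasing sequence of
    labels preserves the order of the bands, so all are equally valid."""
    def score(name):
        p, loss = risks[name]
        return (labels[rating(p, LIKELIHOOD_EDGES) - 1]
                * labels[rating(loss, CONSEQUENCE_EDGES) - 1])
    return sorted(risks, key=score, reverse=True)

if __name__ == "__main__":
    print("expected loss     :", rank_by_expected_loss(RISKS))
    print("ordinal 1..5      :", rank_by_ordinal_product(RISKS))
    # Same bands, relabelled 1,2,4,8,16: the band order is unchanged,
    # yet the ranking of the risks changes, so the product is arbitrary.
    print("ordinal 1,2,4,8,16:", rank_by_ordinal_product(RISKS, (1, 2, 4, 8, 16)))
```

The rare, extreme event has the largest expected loss but is ranked last by the 1 to 5 product, and relabelling the same bands reorders the list again; only the ratio-scale ranking is independent of the labelling.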
Use of ordinal scales

§ Ordinal scales are used when quantitative measurement is unavailable or inaccurate and/or qualitative judgment is used to assess risk.