▪Consequently ratings may not be evenly interpolated

47Illustration of consequence scale (from COSO)Apply the generic design to each risk type in the Risk Taxonomy using specific relevant risk metrics and descriptions.Apply the generic design to each risk type in the Risk Taxonomy using specific relevant risk metrics and descriptions.All “Extreme”represent risk capacity exceededAll represent immaterial

48Definition of likelihood▪Likelihood is the possibility that a given event will occur▪It may be expressed by one or more of:–Qualitative descriptor (e.g. “frequent,” “likely”, “possible”, “unlikely”, rare)–A percent probability (e.g. 90%)–A frequency (e.g. once in every “X” years) or return period (every “X” years) ▪Each rating level should correspond to a non-overlapping range of likelihoods (i.e. be mutually exclusive).▪Likelihoods will vary in magnitude depending on the time-frame considered. The longer the horizon, usually the greater the probability of an event occurring.▪Usually a one-year horizon is chosen to align to reporting and financial cycles, however, it is good practice to specify clearly.

49Designing the likelihood scale:- end points and interpolation▪Lowest rating should capture events that are almost certain – if these are of high consequence we should be well aware that they are imminent!▪At the other end of the scale the likelihood level should be sufficiently remote, but still within the concern for management and other stakeholders, in order to warrant assessment and treatment.▪Where numeric definitions are used (such as probabilities or frequencies) the intervals defining each rating may be spaced evenly (i.e. linear interpolation) or other method. Note that it is usual for probability and frequency ranges to be defined on an exponential or logarithmic scale.

50Illustration of likelihood scale:- AS/NZS ISO 31000▪A return period of 30 years is equivalent to once in 30 years or 1/30 = rounded probability of 3%

51The Risk Matrix and risk aversion•The advantage of the Risk Matrix is that it shows how likelihood and consequence are mapped to risk levels for all possible pairwise combinations (i.e. a mapping schema)•We can therefore look for coherency when designing risk levels (how risk levels change as likelihood and consequences change)•We can also see what combinations of likelihood and consequence have been assigned the same risk level‘Skew’

52How the Risk Matrix includes Risk Appetite▪Analysing a risk’s likelihood and consequence, and therefore where a risk is placed on the risk matrix, does not involve risk appetite – it is an objective opinion. ▪The risk levels that are assigned to each combination of likelihood and consequence expresses the organisation’s appetite for risk and therefore embed risk aversion.

#### You've reached the end of your free preview.

Want to read all 111 pages?

- Three '16
- risk principles