November 5, 2020, 8:30 a.m. to 6 p.m. EDT | November 6, 2020 – February 7, 2021, On-Demand | Online Conference
Please login or join to subscribe to this thread
I'm not familiar with the risk calculation template on this site. I use a likert scale (1-5) for probability and impact, the product of these two numbers represents risk exposure. I use the risk exposure to prioritize the risk, in determining the appropriate risk response. In some cases, I will also factor in time frame to impact. A risk with medium exposure that needs to be mitigated, that will have an impact within a matter of weeks, might need addressed sooner than a risk with similar, or greater, exposure that won't be realized for months.
You are seraching for the holly grail. Why? because both components in the formula will depend on each organization and for projects you take a subset of all related to risk the organization has defined.
It depends on the need. For general usage, we will typically use a scale of 1 to 3 or 5 for probability, and often the answer is subjective. I like to use a scale of 1 to 5 and find that the discussion of where we should place the risk is more important than the ultimate value. We could argue about whether something is a 3 or a 4, but usually have assessments that are close unless someone brings in all new information. That is why I like a scale to 5 instead of 3.
For critical items like safety, there will be in-depth statistical analysis. Showing a probability of less than 1E-9 requires much more than a conversation between experts.
Keith made a good point. It depends on your need.
From your question I'm not sure whether you are looking for a risk register template used to summarize and document risk events, analysis and response or a risk matrix template to analyze risk events to determining probability, impact and response. Based on your second sentence, I am assuming you are referring to a risk matrix
If you search the WEB for Risk Matrix Template you will get all sorts of examples, including material from PMI. Some simplistic 3x3 as well as suggested numeric values to facilitate analysis and prioritizing. However, as Keith writes, it depends on the project needs and risk tolerance If you don't want to reinvent the wheel, start with a format that makes sense to you and modify it to fit.
The intent of a risk matrix is not so much as to determine a risk score as a score is somewhat meaningless without context. Simplistically, if a project can accept or absorb a moderate level of risk then the intent is to classify risks essentially ignore low risk events and mitigate high risk events to bring them down to moderate or less. Now, it can get much more complicated as numerous low level risks can accumulate to significant project impacts. Also, the cost of mitigation could be greater than the impact of the risk event should it occur.
Bottom line: selecting the risk matrix is only the start.
Please login or join to reply