Hello and welcome back. In the last lesson, we identified risk to our project and started a risk register. At this stage, we have a long list of risk, probably a list that is longer than we can reasonably manage on our project. In this lesson, we'll understand how to analyze these risk and then assign a priority to them. High-priority risk we will actively manage, and lower ones we would just track but not actively pursue. The first step in this process is to perform a qualitative risk analysis. As part of the qualitative analysis of our risk, we will rate the likelihood that a specific risk will occur, measure the impact of that event on our project should it occur, use the first two measures to create a severity rating for each risk, and finally assign a priority ranking for each risk based on the severity rating we've created. These four relatively simple steps will help us to narrow the focus of our risk management efforts to those risk or opportunities which are likely to occur and also will have a significant impact on our project. These are the risk and opportunities that we want to actively manage. The first step in this process is to create a likelihood rating. A typical approach is to rate the likelihood of each risk occurring on a scale of one to five, with one being highly unlikely and five being nearly certain. An example of this type of system is shown here in the table you see. The values you see here which define the likelihood rating in each level are fairly typical across the engineering industry. However, you can create your own measurements if they make more sense to your situation or to your organization. The important thing is that your measurement system should be recorded in the risk management plan so they can be understood by all. The next step in the process is to rate the impact that an event may have on the project. Again, the best practice is to find a chart similar to the one you see here to qualify what criteria should be used for each ranking metric. Since impacts to the project can come in the form of cost impacts, schedule impacts, scope changes, quality impacts, or health safety and environmental impacts, it is beneficial to describe what constitutes a high-impact or a low-impact event in each category. The impact rating matrix will vary more widely from project to project than the likelihood rating matrix. The reason for this is simple. Each project will have a different cost; the criticality of schedule delays will be different; the importance of quality and scope on the final project will be different; and finally, the safety and environmental risk will be different. Again, the key is to work with your team to define the parameters you will use and then record these definitions in the risk management plan. The ratings provided here are intended to provide you with an example of how the definitions might work. After we've created a likelihood rating matrix and an impact rating matrix for each risk, we want to use these to develop a severity rating for the event. The first step in assigning the severity rating to each risk is to create a severity risk, a risk assessment matrix similar to the one you see here. This one was created by multiplying the likelihood rating by the impact rating to define a severity rating. Other matrices may use two times the impact rating times the likelihood rating to get a severity rating. Any formula that relates the two events and reflects the risk tolerance of your organization is acceptable. In fact, many organizations have a formal risk management process in place that will have a standard risk assessment matrix in place. If this is the case, you should use the matrix for your project. You will also note that the risk assessment rating includes color bands to define high, serious, medium, and low severities. This color and band system is also fairly standard across engineering projects. Each risk can now be assigned a severity rating of high, serious, medium, or low based on the qualitative analysis. All of our ratings to likelihood, impact, and finally, severity should be recorded in the risk register. At this point, our long list of risk has been subdivided into categories based on a severity rating for our project. Our primary risk management focus should be on high-severity risks. These are the ones we really want to manage because they are likely to occur and will have us an important impact on the project. If the number of high-severity risk are relatively few in number, then we can consider adding serious risk to our focus area. At this stage of our risk management process, we've identified potential risk to our project, perform your qualitative risk analysis of the risks, and then prioritize them by severity into high-, serious-, medium-, and low-risk events. In the next lesson, we will develop risk responses to each of the high-severity risks.
