Three Variables to Calculating Risk Exposure

March 18, 2017 by Stuffzoom

Filed under Business & Finance

Last modified March 18, 2017

As you are aware risk management (as per PMI) is not to identify what could go wrong with a project but what is unknown about a project. Unknowns are risks. So what is a risk? Well risks are twofold:

  1. They are bad things that could happen that will negatively impact a project (or at least a task).
  2. They are good things that will happen that will positively impact a project (or task).

So essentially a risk is an unknown no matter how it is classified.

You may also be aware that risks are currently and for the most part always measured by their Probability and Impact that they could have on a project. The Problem is that Probability and Impact only account for 2/3 of the answer. Below is a chart that explains this further. We will use a scale of 1 to 10 to measure, 10 being the greatest. Remember the formula for Risk Exposure number is Probability x Impact. When we add the 3rd variable we will divide Probability and Impact total by the Detectability number. This is done so the modified Risk Exposure number run from least to greatest on a scale of 1 to 10. I for one prefer to use whole numbers rather than decimals since we as a society tend to think on a scale of 1 to 10.

Formula: (P X I) / Detectability= Risk Exposure

Being Hit by a Train

Probability = 1

Impact = 10

Traditional Risk Exposure = 10

Being Eaten by a Shark

Probability= 1

Impact = 10

Traditional Risk Exposure= 10

Being Hit by a Meteorite

Probability = 1

Impact = 10

Traditional Risk Exposure = 10

Now add the element of Detectability. To illustrate this we will work with the Traditional Risk Exposure number from above.

Being Hit by a Train

Traditional Risk Exposure = 10

Detectability = 10

New Risk Exposure = 1

Being Eaten by a Shark

Traditional Risk Exposure= 10

Detectability = 2

New Risk Exposure = 5

Being Hit by a Meteorite

Traditional Risk Exposure = 10

Detectability = 1

New Risk Exposure = 10

Now as you can see each risk has a Probability and Impact that are the same. You must agree that each have a low chance of happening but if they do happen have a severe impact on your life. Yet, this tells us nothing about the risk. The real question is if I can see it coming or not. This is where Detectability comes to play. For the Shark we have a very little chance of knowing when we will be eaten. We might see a fin so we give it a 2. The same can be said of the Meteorite yet, even if we see it coming it is too late to do anything, so we will give it a 1. The train on the other hand is very detectable. Why? Well first it is on a given track. We can see down the track for a mile or so. The train also makes a lot of noise and is very predictable. To avoid being hit we move left or right a few feet.

These examples are only for illustrating how Detectability can be used to help weed out risk from a large pool of risk that a project may have. The point is, that many PMs and Risk Manger only rely on Probability and Impact which may focus too much attention on a risk that can be seen coming. Granted a meteorite hitting you has a probability of almost zero but since you cannot detect it very easily it is something that you should review.

Once Detectability is added to the equation managers have a better idea of what risks need a more attention and which one can be placed to the side for a moment. All risks need some level of attention and should never be allowed to go unchecked.

Source by Robert A Dudley

Related Articles

                      Leave a Comment

                      Google+ Twitter Facebook