Computing The Values of the Key Risk Decision Elements
There are at least seven (7) key risk decision making elements that the information about their values must be provided to the business leaders and other stakeholders that require the risk information to make decisions and take actions. The key risk decision elements are: probability, impact severity, inherent risk level, risk tolerance limit, control effectiveness, residual risk and gap. The short descriptions of these seven key risk decision elements and their computational formulas have been presented below:
• Probability = number of risk events that occurred /population of the possible number of risk events that can occur.
Key Risk indicators play significant roles in predicting risk probability and potential impact severity. These requires establishing and understanding the population of the external and internal vulnerabilities or gaps which if exploited may trigger the risk events, conditions and actions to manifest and also tracking the frequency, velocity and root causes of those events, conditions and actions that have manifested.
• Impact severity = asset loss, damage, delay or injury level as estimated by Subject Matter Experts or Valuers.
• Inherent risk level = Probability X Impact Severity. Inherent risk is the initial value assigned to a risk when first discovered before mitigation actions are taken to reduce risk probability and impact severity
• Risk tolerance limit = Fraction of the inherent risk level beyond which worry can set in. Risk tolerance limit is critical because risks cannot be eliminated 100% but can be reduced to an acceptable level subject to the organizational risk appetite or mindset. The proportion could be in fraction or percentage.
• Control effectiveness = number of controls that worked well /population of control implemented to mitigate the risks.
• Residual risk level = Inherent risk – Control Effectiveness. Residual risk is the inherent risk level that is left after control has been implemented.
• Gap = Residual Risk – Control Effectiveness
• Control is effective, if Gap is negative.
• Control is moderately effective, if Gap is Zero.
• Control is not effective, if Gap is positive.
Given the formulas stated above, it is important to note that probability and impact severity and controls are three variables that form the foundation for the computation of the various risk levels – inherent risk, risk tolerance limit, residual risk and gap. Any serious mistake in collecting wrong input data and computational formular makes nonsense the values of the inherent risk, risk tolerance limit, residual risk and gaps which ultimately damages objective judgement, decisions and choice of actions to navigate the risks.
For more insights on my other blog posts, visit: https://www.sallyogwookeyumahi//
Kindly leave your reactions and comments to enable me to get better in my writings and blog posts.
Thank you for investing your time to read my blog post.
#risk #control #strategy #sallyogwo #sallyokey