
Purpose

• Comprehend the nature of risk & its characteristics
• Level of risk
• Involves detailed consideration of
• Uncertainties
• Risk sources
• Consequences
• Likelihood
• Events
• Scenarios
• Controls and their effectiveness
Detail & Complexity
• RA can be undertaken with varying degrees of detail & complexity
• Purpose of the analysis
• Availability & reliability of information
• Resources available
• RA techniques can be
• Qualitative or quantitative
• Combination of Qual & Quan
Training on Basic Risk Management
DAP Bldg., San Miguel Avenue, Pasig City
August 06 – 10, 2018
Factors
• RA should consider factors:
• Likelihood of events & consequences
• Nature & magnitude of consequences
• Complexity & connectivity
• Time-related factors & volatility
• Effectiveness of existing controls
• Sensitivity & confidence levels

Risk Analysis
1. What are the causes & sources of risk?
2. What are the positive & negative consequences of the risk?
3. What is the likelihood that the consequences could occur?
4. What are the factors that affect consequence & likelihood?
5. What are the multiple consequences?
6. What are the multiple objectives affected?
7. What are the existing controls?
8. How efficient & effective are the controls?
Risk Analysis Methods

Dependency Modelling
Risk Analysis Methods

Event tree analysis (ETA) is a forward, bottom up, logical modelling technique
for both success and failure that explores responses through a single
initiating event and lays a path for assessing probabilities of the outcomes and
overall system analysis.
Risk Analysis Methods
Failure Mode: No access to internet
Effects: Can't access data needed to perform job
Severity: 8 (range 0-10)
Potential Causes: Problems with local service provider
Probability: 4 (range 0-10)
Current controls: None
Detectability: 10 (range 0-10)
Action: Look for alternate work locations with internet access

Failure mode and effect analysis (FMEA) - potential failure modes in every sub-item are analyzed for their effect on other sub-items, and their consequences for the whole system.
Risk Analysis Methods

Fault tree analysis - top down, deductive failure analysis in which an undesired state of a system is analyzed using Boolean logic (true or false) to combine a series of lower-level events.
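
Added example (not part of the original slides): a small fault tree evaluated with Boolean AND/OR gates, taking the FMEA slide's "No access to internet" failure mode as the top event. The lower-level events, their probabilities and the function names are constructed for illustration; basic events are assumed independent.

```python
from itertools import product

# Constructed fault tree (hypothetical events, not from the slides); the top
# event is the "No access to internet" failure mode from the FMEA slide.
# A leaf is a basic-event name; a gate is ("AND" | "OR", [children]).
TREE = ("OR", [
    "office_router_fails",
    ("AND", [
        "primary_isp_down",
        ("OR", ["backup_link_down", "failover_not_configured"]),
    ]),
])
# Constructed probabilities per basic event, assumed independent.
P = {"office_router_fails": 0.01, "primary_isp_down": 0.10,
     "backup_link_down": 0.05, "failover_not_configured": 0.02}

def evaluate(node, failed):
    """True if the event at `node` occurs given the set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    gate, children = node
    results = [evaluate(c, failed) for c in children]
    return all(results) if gate == "AND" else any(results)

def minimal_cut_sets(node):
    """Smallest sets of basic events that are each sufficient for `node`."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    parts = [minimal_cut_sets(c) for c in children]
    if gate == "OR":      # any child's cut set is enough
        merged = set().union(*parts)
    else:                 # AND: need one cut set from every child
        merged = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in merged if not any(o < s for o in merged)}

def top_probability(node, p):
    """Exact P(top event) by enumerating every combination of basic events."""
    names = sorted(p)
    total = 0.0
    for bits in product([False, True], repeat=len(names)):
        if evaluate(node, {n for n, b in zip(names, bits) if b}):
            weight = 1.0
            for n, b in zip(names, bits):
                weight *= p[n] if b else 1 - p[n]
            total += weight
    return total

if __name__ == "__main__":
    print(minimal_cut_sets(TREE), round(top_probability(TREE, P), 6))
```

A cut set with a single member, here the router, is a single point of failure; the two-member sets show which controls have to fail together.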
Risk Estimation
• Likelihood - chance of something happening
• Defined, measured or determined
• Objectively or subjectively
• Qualitatively or quantitatively
• Described using general terms or mathematically
• Equivalent of the term “probability”

Risk Estimation
Likelihood of Impact

| Likelihood | Description | Frequency | Probability Percentage |
| --- | --- | --- | --- |
| Almost Certain | Recurring event during the life-time of an operation / project | Occurs more than twice per year | Over 99% probability |
| Likely | Event that may occur frequently during the life-time of an operation / project | Typically occurs once or twice per year | >50% probability |
| Possible | Event that may occur during the life-time of an operation / project | Typically occurs in 1-10 years | >10% probability |
| Unlikely | Event that is unlikely to occur during the life-time of an operation / project | Typically occurs in 10-100 years | >1% probability |
| Rare | Event that is very unlikely to occur during the life-time of an operation / project | Greater than 100 year event | <1% probability |
Consequences
| Consequence | Safety | Environment |
| --- | --- | --- |
| Insignificant | Low level short term subjective inconvenience or symptoms. Typically a first aid and no medical treatment. | Near-source confined and promptly reversible impact (Typically a shift) |
| Minor | Reversible injuries requiring treatment, but does not lead to restricted duties. Typically a medical treatment | Near-source confined and short-term reversible impact (Typically a week) |
| Moderate | Reversible injury or moderate irreversible damage or impairment to one or more persons. Typically a lost time injury. | Near-source confined and medium-term recovery impact (Typically a month) |

| Consequence | Safety | Environment | Stakeholder/Community |
| --- | --- | --- | --- |
| Major | Single fatality and/or severe irreversible damage or severe impairment to one or more persons | Impact that is unconfined and requiring long-term recovery, leaving residual damage (Typically years) | Community trust – Tangible expressions of trust / mistrust amongst most community members with significant influence on decision-makers. Stakeholder relationship – Key stakeholder(s) actively oppose or actively refuse to engage / actively support and engage. |
| Catastrophic | Multiple fatalities or permanent damage to multiple people. | Impact that is widespread-unconfined and requiring long-term recovery, leaving major residual damage (Typically years) | Community trust – Widespread loss / gain of trust across the community setting the agenda for decision-makers and key stakeholders. Stakeholder relationship – Key stakeholder(s) oppose and actively get others to oppose / engaged and actively get others to support. |
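| Risk Description or Scenario | Consequence Category | Impact Description | Controls Description | Risk Analysis: C | Risk Analysis: L | Risk Level | Risk Criteria (based on Legal and Other Requirement) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| | | | | | | | |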

Risk description - structured statement of risk usually containing 4 elements: sources, events, causes & consequences
Impact or consequence - outcome of an event affecting objectives
Event - occurrence or change of a set of circumstances
Control - measure that maintains and/or modifies risk
Vulnerability - intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence
Risk Level or Magnitude
| Likelihood \ Consequence | Insignificant (1) | Minor (2) | Moderate (3) | Major (4) | Catastrophic (5) |
| --- | --- | --- | --- | --- | --- |
| Almost certain (5) | High (5) | High (10) | Extreme (15) | Extreme (20) | Extreme (25) |
| Likely (4) | Medium (4) | High (8) | High (12) | Extreme (16) | Extreme (20) |
| Possible (3) | Low (3) | Medium (6) | High (9) | Extreme (12) | Extreme (15) |
| Unlikely (2) | Low (2) | Low (4) | Medium (6) | High (8) | Extreme (10) |
| Rare (1) | Low (1) | Low (2) | Medium (3) | High (4) | High (5) |
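
Added example (not part of the original slides): the likelihood percentage bands and the 5x5 matrix above, transcribed into Python and applied to a small constructed register. It also lists the L x C scores that the matrix assigns to more than one level, which is why a single score threshold cannot replace the cell-by-cell lookup. The function names, the register entries and the handling of exact band boundaries are assumptions of this example.

```python
# Added example: the deck's 5x5 matrix, transcribed cell by cell (row = likelihood).
MATRIX = [          # consequence: Insignificant(1) .. Catastrophic(5)
    "LLMHH",        # Rare (1)
    "LLMHE",        # Unlikely (2)
    "LMHEE",        # Possible (3)
    "MHHEE",        # Likely (4)
    "HHEEE",        # Almost certain (5)
]
NAMES = {"L": "Low", "M": "Medium", "H": "High", "E": "Extreme"}
RANK = {"Low": 0, "Medium": 1, "High": 2, "Extreme": 3}

def likelihood_from_probability(p):
    """Map a probability (0..1) to likelihood 1-5 using the slide's percentage bands."""
    # Assumption: each band means "strictly greater than" its floor (slide is silent).
    for level, floor in ((5, 0.99), (4, 0.50), (3, 0.10), (2, 0.01)):
        if p > floor:
            return level
    return 1

def risk_level(likelihood, consequence):
    """Look up the named level for a 1-5 likelihood and a 1-5 consequence."""
    if not (1 <= likelihood <= 5 and 1 <= consequence <= 5):
        raise ValueError("likelihood and consequence must be integers 1..5")
    return NAMES[MATRIX[likelihood - 1][consequence - 1]]

def ambiguous_scores():
    """Return {L*C score: [levels]} for scores the matrix maps to several levels."""
    seen = {}
    for lik in range(1, 6):
        for con in range(1, 6):
            seen.setdefault(lik * con, set()).add(risk_level(lik, con))
    return {s: sorted(v, key=RANK.get) for s, v in seen.items() if len(v) > 1}

def rank_register(register):
    """Score (name, probability, consequence) entries and sort worst first."""
    rows = [(n, likelihood_from_probability(p), c) for n, p, c in register]
    rows = [(n, lik, c, risk_level(lik, c)) for n, lik, c in rows]
    return sorted(rows, key=lambda r: (RANK[r[3]], r[1] * r[2]), reverse=True)

# Constructed sample register (hypothetical entries, not from the slides).
REGISTER = [
    ("Internet outage at site", 0.60, 2),
    ("Data-centre fire", 0.005, 5),
    ("Laptop theft", 0.20, 4),
    ("Payroll entry error", 0.05, 1),
]

if __name__ == "__main__":
    print(*rank_register(REGISTER), ambiguous_scores(), sep="\n")
```

In every ambiguous score the higher level belongs to the cell with the higher consequence, so the matrix weights consequence more heavily than likelihood.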
Session 4D: Risk Evaluation – Tools & Techniques

Risk Evaluation
• Risk Evaluation - comparing results of risk analysis with the established risk criteria to determine whether risk or its magnitude is acceptable or tolerable
• Decision includes:
• Do nothing further; Consider risk treatment options
• Undertake further analysis to better understand the risk
• Maintain existing controls
• Reconsider objectives
• Decisions should take into account the wider context + actual & perceived consequences to external & internal stakeholders
Risk Criteria
• Terms of reference (ToR) used to evaluate risk significance
• Based on organizational objectives, external & internal context
• Derived from standards, laws, policies, other requirements

Risk Level or Magnitude
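[Figure: 2x2 risk quadrant, centre label RISK. Vertical axis: CONSEQUENCE; horizontal axis: LIKELIHOOD. Quadrants: HIGH and EXTREME (upper row), LOW and MEDIUM (lower row).]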
Risk Criteria
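| 1. Likelihood: Levels | 1. Likelihood: Criteria | 2. Consequence: Levels | 2. Consequence: Criteria | 3. Magnitude: Levels | 3. Magnitude: Criteria or Action |
| --- | --- | --- | --- | --- | --- |
| Almost Certain | | Catastrophic | | Extreme | |
| Likely | | Major | | High | |
| Possible | | Moderate | | Medium | |
| Unlikely | | Minor | | Low | |
| Rare | | Insignificant | | | |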