Professional Documents
Culture Documents
Risk Assessment Process
Risk Assessment Process
EITHER EALDE
BUSINESS SCHOOL
Course objectives
This course has allowed us to know in detail all the phases of the risk assessment
process.
In this practical case, we are going to carry out four exercises with two sections each
that aim to put into practice the knowledge acquired and demonstrate the
understanding of the key aspects of risk assessment and what is considered the
degree of maturity in risk-based thinking.
Exercise 1
Question a)
Imagine any activity in which there is an order or order receipt and a product or
shipment output, and describe it in no more than 10 lines .
Question b)
Now, based on that described activity, complete TABLE 1 on the next page with 4
examples of events according to the description of the fields shown below:
(1) The description of the event. For example: That an incorrect product has been
noted in the order.
(2) The type of event. Related to inputs (EE), to the process of internal origin (EI) or
external (EX).
1
Practical case
Risk analysis techniques. ISO 31010
EITHER
EALDE BUSINESS SCH
(3) Part of the process in which we consider it or appear for the first time. In this case,
at the entrance (Reception and validation of the order).
(4) We will indicate HIGH, MEDIUM or LOW, depending on whether we think that
what can cause the event to occur is something very complex or not. In this example
we could say that, as we imagine a company with very few different products, the
complexity is LOW.
(5) We will indicate HIGH, MEDIUM or LOW, depending on the degree of control that
we consider we have over the event.
It becomes an indicator of probability of occurrence. In this example we could assume
that the salespeople are all very experienced, so the probability that the order includes
the wrong product is LOW. But in the case of a new addition to the sales team, that
probability could go from MEDIUM to HIGH, if the salesperson has not been properly
trained.
(6) We will indicate HIGH, MEDIUM OR LOW depending on how much we think the
outputs may be diverted if the event occurs. In this case, let's think that the order
would end up being delivered and collected, but the profitability of the entire process
would be lower, we could characterize it as MEDIUM (-), negative because the
deviations would cause losses. Is the importance of clearly defining the outputs or
objectives understood?
2
Practical case
Risk analysis techniques. ISO 31010
EITHER EALDE
BUSINESS SCH
TABLE 1
Process 1
3
Practical case
Risk analysis techniques. ISO 31010
EITHE
REAL
DE BUSINESS SCHOOL
Exercise 2
On the “y” axis we have the probability. From the value “zero” (impossible
event), to the value “one” (sure event).
On the “x” axis we have the consequences. From the value “zero” (no effects on
the objectives), to the value “ten” (which surely compromises the objective).
As we see, the graph has 4 regions indicated with the letters A, B, C and D.
4
Practical case
Risk analysis techniques. ISO 31010
EITHE
REAL
DE BUSINESS SCH
“3” Region of true risk management. Events of low probability and medium-high
consequences.
“4” Region of very low probabilities and very low consequences. It is a region in
which events are not usually identified since we never think of them as a threat
and, furthermore, they really are not.
Question a)
Well, based on these considerations , complete TABLE 2 indicating with the
corresponding number (1,2,3,4), which description corresponds to each region
(A, B, C, D)
TABLE 2
REGION DESCRIPTION (Indicate 1,2,3 or 4)
TO
b
c
d
Question b)
Make a comment of between 500 and 800 words in which you compare region A
with region B, giving specific examples of each of them.
5
Practical case
Risk analysis techniques. ISO 31010
O EALDE
Exercise 3
We have seen in the techniques and tools class that ISO 31010 proposes the
following examples for each phase of the risk assessment process:
RISK MANAGEMENT
• Cross impact analysis
• Nominal groups
• Interviews
• S Curves
• Event tree analysis • bow tie
We have also seen that the characteristics that we should take into account of a
technique in order to assess its suitability are:
6
Practical case
Risk analysis techniques. ISO 31010
training required)
7
Practical case
Risk analysis techniques. ISO 31010
EITHER EA
LDE BUSINESS SCHOOL
Question a)
Choose any of the techniques in the figure and describe it using the parameters indicated
in the previous section (application, scope, time horizon...)
Question b)
Give a concrete example in which you would use the selected technique and briefly
describe (less than 250 words) how you would develop it.
8
Practical case EITHER EA
LDE
Risk analysis techniques. ISO 31010
BUSINESS SCHOOL
Exercise 4
Let's start from the following figure in which different characteristics of the companies
were shown according to their level of maturity:
Question a)
Define, for each of the 5 levels, a new characteristic that allows a company to be included
in that maturity level.
Question b)
Give an example of a typical maturity level 3 company and another, a typical level 1
company, briefly describing the reasons why they are included in that level. (500 words)