Risk Assessment and Classification

NAME :HASSAN AKBER

ROLL NO :CE-022 (2019-20)
Qualitative Risk Analysis
 Organizations use risk assessment and
classification process to prepare for uncertainty by
prioritizing time and money towards risk with
greatest impact.
 Risk assessment and classification is influenced
by organization tolerance towards risk and how to
response to it
Classification and Prioritization
Qualitative risk analysis is an analysis of the various
qualities that makeup each risk
The primary factors are probability and impact but other
factors such as urgency is also accounted.
Methods and Tools used in qualitative risk analysis
discussed are
Risk categorization
Probability and impact assessment
Risk urgency assessment
Data quality assessment
Risk Categorization
Global Associations of Risk Professional classifies risk in operational categories as
follows
 Personal Risk (e.g internal fraud, human error)
 Physical assets (loss of business environments/assest)
 Technology ( e,g virus damages, system failures)
 Relationships (e.g, liabilities, lawsuits, loss of reputation)
 External/ regulatory( e.g external fraud, government incentive/restrictions.
Other Ways to Categorize Supply Chain Risk

 Strategic Supply Chain Risk

 Supply Risk
 Demand Risk
 Process Risk
 Environmental Risk
 Hazard Risks
 Financial Risk
 Malfeasance Risk
 Litigation Risk
Probability and Impact Assessment
Impact
 It is the magnitude of the loss or gain. It considers the importance of the process
or assets at risk to the organization
 Organization can decide on how to label the categories and assign percentages to
these labels .
Probability
 It is the probability of occurrence. Evaluate and rank the probability of the
scenario occurring
 The Final Task in this step is to create a matrix where consequence level and
likelihood are identified for each scenario. It revels each scenario overall risk
rating.
 APICS defines supplier’s/customer’s/product's risk rating as “ the numerical risk
rating for supplier, customer or product. Normalized and used for comparison
purpose
 Risk Rating is commonly described using the Following equation
Risk Rating= Probablity x Impact
Categorization of Risk Levels

Probability High Probability High Probability

Low Impact High Impact

Low Probability Low Probability

Low Impact high Impact

Impact
Probability and Impact Matrix
 Accept all low risk(do nothing but monitor them on watch list)
 Use Expert Judgement to decide how to handle medium risks
 Make a proactive plan to address all high risks
Risk Urgency Assessment
 Organization need to increase the priority of risk that will
require further action based on their urgency
 If the action requires to be quick for response to be effective at
all for the risk then this analysis might move the response higher
in priority and earlier in schedule
Data Quality Assessment
 Data Assessment is used to determine how well the risk is understood.
It also access the reliability, accuracy and integrity of the underlying data used to make the
assessment .
 Low quality data can lead to inaccurate risk ratings.
If the data for the risk assessment is hard to come by, it is important to indicate how tentative the risk
rating and that risk is not well understood.
In Context of data quality reliability refers to whether the same result would be obtained if the same
measurement procedure is used multiple times.

.
 “Accuracy is the degree of freedom from the error or the degree of conformity to
a standard “ (APICS Dictionary 15th Edition)
 It involves checking the data math error. It may also involve checking risk level
against the external sources to see if they conform to available external standards
such as risk data base.
 Data Integrity is assurance that data accurately reflects the environment it is
representing.
Conclusion
Once all of the various assessment are complete, supply chain managers circle back
to reevaluate each risk
 Revaluating the organization risk priorities , determining if it is at an acceptable
level or there is need s to be further action taken
 Verifying that the recommended actions are in accordance with the organization
risk tolerance level
 Adding the result of the analysis to the risk register