Risk Rating Criteria

In order to evaluate the level of a risk of a change, the likelihood of it going wrong and the impact of it going wrong needs to be assessed. Both of these aspects are given integers between 1 and 4 (inclusive): 


Rating

Likelihood

Impact

1Not expected, but there's a slight possibility it may occur at some time.Minimal impact
2The event may occur at some time.Minor impact, local service disruption less than 1 week
3There is a strong possibility the event will occur.Serious disruption for multiple users, more than a week
4Very likely. The event is expected to occur.Serious disruption to the ability to deliver service


The resulting risk level is calculated by the product of Likelihood and Impact, resulting in a score from 1 to 16. The risks may then be prioritized in the following way:

  • Low: 1 and 2
  • Medium: 3 and 4
  • High: 6, 8, and 9
  • Extreme: 12 and 16


LikelihoodImpact




1 - Minimal impact2 - Minor impact, local service disruption less than 1 week3 - Serious disruption for multiple users, more than a week4 - Serious disruption to the ability to deliver service
1 - Unlikely to happen(1) Low(2) Low(3) Medium(4) Medium
2 - Happens less than once per year(2) Low(4) Medium(6) High(8) High
3 - Happens every few months / more than once per year(3) Medium(6) High(9) High(12) Extreme
4 - Happens every 2-3 months or more frequently(4) Medium(8) High(12) Extreme(16) Extreme
  • No labels