Improve Your Risk Evaluation and Control tip #8 – cost analysis

Once you have compiled a list of risk categories and exposures from both internal and external sources, each possible event should be rated according to the probability that it will occur and what possible impact it could have on your organization.

Be sure to define your rating terms. For example:

Probability is the likelihood of this event impacting our organization in the next 10 years.

Severity is the maximum financial loss to our organization that could be caused by this event.

The size and complexity of your organization will determine how you develop the rating system.  A small simple organization should use a simple rating system such as this:

Probability Severity
1 Low 01% to 35% 1 Low Up to   $99,999
2 Medium 36%   to 70% 2 Medium $100,000 to   $999,999
3 High 71%   to 99% 3 High Over   $1,000,000

A larger, more complex organization might want to have a more layered approach:

Probability
1 Low Up to 35%
2 Medium 36% to 59%
3 High 60% to 79%
4 Very High Over 80%
Severity
1 Low Up to   $99,999
2 Medium $100,000 to   $999,999
3 High $1,000,000   to $9,999,999
4 Very High $10,000,000 to 99,999,999
5   Catastrophic Over   $100,000,000

Always use both words and numbers to quantify the exposures/risks.  Risks should be ranked according to their risk number (probability multiplied by severity) and charted on a graph that clearly indicates all risk/exposures outside of the entities risk tolerance. Rating of the risks can be done by a small group of key personnel or a larger survey. The larger survey can also be used to identify loss controls and safeguards.

Tip #8 Rank recommendations for prevention measures in order of cost-effectiveness

More expensive loss control measures should be submitted to upper management with cost analysis and your recommendations based upon the level of risk to the organization.

Return tomorrow for our next tip…

(For more information on DRI’s professional practices please read Professional Practice One – Program Initiation and Management DRII Professional Practices  June 1, 2012 Version 1)

Advertisements
  • Be Prepared

  • Professionals

  • Categories

%d bloggers like this: