Lecture Notes: Risk Assessment

Introduction to Risk Assessment

Risk assessment involves evaluating potential risks based on various variables.
Two main types of risk assessments:
- Qualitative Risk Assessment
- Quantitative Risk Assessment

Involves specific value calculations.
Key Metrics
- ARO (Annualized Rate of Occurrence): Frequency of risk occurrence in a year.
- AV (Asset Value): Value of an asset to the organization (beyond replacement cost).
- EF (Exposure Factor): Percentage loss of asset value due to risk (e.g., EF = 1.0 for total loss).
Calculations
- SLE (Single Loss Expectancy)
  - Formula: SLE = AV x EF
  - Example: Stolen Laptop with AV = $1,000, EF = 1.0 results in SLE = $1,000
- ALE (Annualized Loss Expectancy)
  - Formula: ALE = ARO x SLE
  - Example: 7 laptops stolen annually, ARO = 7, SLE = $1,000 results in ALE = $7,000

Life Safety: Top priority in risk assessment; focus on ensuring safety.
Property Impact: Evaluating effects on buildings and resources.
Safety Impact: Consideration of how risks affect safety of individuals and organization.
Financial Impact: Financial costs from risks, as discussed in quantitative analysis.

Likelihood: Qualitative value (e.g., rare, possible, almost certain).
Probability: Quantitative value, often statistical, based on historical data.
Terms are sometimes used interchangeably.

Risk Appetite: Amount of risk an organization is willing to take.
- Described qualitatively (e.g., conservative, neutral, expansionary).
Risk Tolerance: Larger variance than risk appetite.
- Practical Example: Speed limit metaphor comparing appetite and tolerance.

Risk Register: Documents risks in projects.
- Each risk described with a key risk indicator.
- Assigns an owner to manage each risk.
- Defines the risk threshold for projects.
- Balances cost of resolving risk with potential company costs.