
Risk analysis (probability and impact) in Software Engineering - Step-by-Step Execution

Concept Flow - Risk analysis (probability and impact)
Identify Risk → Estimate Probability → Estimate Impact → Calculate Risk Level → Prioritize Risks → Plan Response
The flow starts by identifying a risk, then estimating how likely it is and how big its impact could be. These are combined to find the risk level, which helps prioritize and plan how to handle it.
Execution Sample
Risk = Probability * Impact
If Risk > Threshold:
  Prioritize Risk
Else:
  Monitor Risk
This simple formula calculates risk by multiplying probability and impact, then decides if the risk needs immediate attention or just monitoring.
Analysis Table
| Step | Risk Identified | Probability (0-1) | Impact (1-10) | Risk Level (Probability x Impact) | Action |
|---|---|---|---|---|---|
| 1 | Data breach | 0.3 | 8 | 2.4 | Prioritize Risk |
| 2 | Server downtime | 0.1 | 6 | 0.6 | Monitor Risk |
| 3 | Software bug | 0.5 | 4 | 2.0 | Prioritize Risk |
| 4 | User error | 0.2 | 3 | 0.6 | Monitor Risk |
| 5 | Network failure | 0.15 | 7 | 1.05 | Monitor Risk |
| 6 | Threshold check | | | Risk Level > 1.5 | If yes, Prioritize; else Monitor |
💡 All risks evaluated; actions assigned based on risk level compared to threshold 1.5
State Tracker
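| Variable | Start | After 1 | After 2 | After 3 | After 4 | After 5 | Final |
|---|---|---|---|---|---|---|---|
| Probability | - | 0.3 | 0.1 | 0.5 | 0.2 | 0.15 | - |
| Impact | - | 8 | 6 | 4 | 3 | 7 | - |
| Risk Level | - | 2.4 | 0.6 | 2.0 | 0.6 | 1.05 | - |
| Action | - | Prioritize | Monitor | Prioritize | Monitor | Monitor | - |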
Key Insights - 3 Insights
Why do we multiply probability by impact to get risk level?
Multiplying combines how likely a risk is with how bad it would be, giving a single number to compare risks fairly, as shown in rows 1-5 of the Analysis Table.
What happens if a risk level is exactly on the threshold?
Typically, if risk level equals or exceeds the threshold (1.5 here), it is prioritized. This is shown in step 6 where risk levels above 1.5 lead to prioritization.
Why are some risks monitored instead of prioritized?
Risks with low risk levels (below the threshold) are monitored because their chance or impact is low, so immediate action is not needed, as seen in rows 2, 4, and 5 of the Analysis Table.
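An added Python example (not part of the original page) that runs the Execution Sample over the five risks in the Analysis Table, sorts them for prioritization, and makes the threshold boundary explicit. The function names and the `inclusive` flag are assumptions of this example; `Decimal` is used so that a risk level of exactly 1.5 compares exactly.

```python
from decimal import Decimal

THRESHOLD = Decimal("1.5")  # threshold used on this page

# Risk register from the Analysis Table: (name, probability 0-1, impact 1-10).
REGISTER = [
    ("Data breach", "0.3", "8"),
    ("Server downtime", "0.1", "6"),
    ("Software bug", "0.5", "4"),
    ("User error", "0.2", "3"),
    ("Network failure", "0.15", "7"),
]

def risk_level(probability, impact):
    """Return Probability x Impact as an exact Decimal, rejecting off-scale inputs."""
    p, i = Decimal(str(probability)), Decimal(str(impact))
    if not Decimal(0) <= p <= Decimal(1):
        raise ValueError(f"probability {p} is outside 0-1")
    if not Decimal(1) <= i <= Decimal(10):
        raise ValueError(f"impact {i} is outside 1-10")
    return p * i

def decide(level, threshold=THRESHOLD, inclusive=False):
    """Strict '>' matches the page's pseudocode; inclusive=True is the '>=' reading."""
    hit = level >= threshold if inclusive else level > threshold
    return "Prioritize Risk" if hit else "Monitor Risk"

def analyze(register, threshold=THRESHOLD, inclusive=False):
    """Score every risk and return rows sorted highest risk level first."""
    rows = []
    for name, p, i in register:
        level = risk_level(p, i)
        rows.append((name, level, decide(level, threshold, inclusive)))
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for name, level, action in analyze(REGISTER):
        print(f"{name:16} {str(level):>5}  {action}")
    # Boundary case (constructed): 0.3 x 5 is exactly 1.5, so the operator decides.
    edge = risk_level("0.3", "5")
    print("edge", edge, decide(edge), "|", decide(edge, inclusive=True))
```

Whichever comparison a team adopts, it should be written down next to the threshold so that a risk landing exactly on 1.5 is triaged the same way every time.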
Visual Quiz - 3 Questions
Test your understanding
In the Analysis Table, what is the risk level of 'Software bug' at step 3?
A. 2.0
B. 0.5
C. 4
D. 2.5
💡 Hint
Check the 'Risk Level' column in row 3 of the Analysis Table.
At which step does the risk level first fall below the threshold of 1.5?
A. Step 1
B. Step 2
C. Step 3
D. Step 5
💡 Hint
Look at the 'Risk Level' values in the Analysis Table rows and compare them to the threshold of 1.5.
If the impact of 'Network failure' increased to 9, what would be the new action?
A. Monitor Risk
B. Ignore Risk
C. Prioritize Risk
D. No Change
💡 Hint
Calculate the new risk level: Probability 0.15 x Impact 9 = 1.35; compare it to the threshold of 1.5 in the State Tracker.
Concept Snapshot
Risk analysis combines two factors:
- Probability: chance of risk happening (0 to 1)
- Impact: severity if risk occurs (scale 1 to 10)
Risk Level = Probability x Impact
If Risk Level > threshold, prioritize risk; else monitor.
This helps focus on the most important risks first.
Full Transcript
Risk analysis involves identifying potential problems, estimating how likely they are to happen and how bad their effects could be. We multiply probability and impact to get a risk level number. If this number is above a set threshold, we prioritize handling that risk; otherwise, we keep an eye on it. This process helps teams focus on the most serious risks first and plan responses accordingly.