P x I = Value interpretation for residual risk?


Trusted Information Resource
Hi everybody
When calculating the risk value, the impact is always the same?
An example:
Risk of delivery poor quality products to clients
Previous situation:
P=5 x I = 5, is high value because will affect my clients
= 25, that is risk value.
Current: I applied actions for mitigation, now ,
P= 1 and I= 5?
Question, impact is considered how I affect always my clients ?
Or according to the new probability value?
The case is for calculation the residual risk.

Mark Meer

Trusted Information Resource
You are correct. If applying the PxI, your residual risk after applying controls would now be 5 (P(1) x I(5)). Assuming you're using a 1-5 scale, it would appear that your controls reduce the probability of the widespread catastrophe (whatever that is) to negligible (1), but IF it still happens it will still be just as disastrous (I = 5).

If I may make a suggestion: you may want to refine what you are evaluating to make the exercise more worthwhile. To calculate "delivery of poor quality products" is pretty general. You could go a step further, and evaluate risk for different scenarios...

For example:

  • "Delivery of products that are dead on arrival"
  • "Delivery of products that fail in the field"
  • "Delivery of products that fail before warranty, but in a safe manner" (e.g. aesthetic defects)

You can even go further and anticipate exactly what might fail:
  • "Product fails due to battery loosing capacity"
  • "Product fails due to customer's failure to maintain according to instructions"

The identification of scenarios, and evaluations depends on what your product is, of course. But you can be as granular as needed in order to glean some useful information (identify where your greatest risks lie, where controls need to be applied.).

Top Bottom