Risks

Returning to your Impact Analysis form, document the risks for at least the assets you have listed and scored as of critical importance (a 3). If an asset has more than one risk associated with it, as most will, either insert a new line into your spreadsheet to include it or move the remaining asset list down to make space for it. You should end up with one asset and associated risk per line.

If you would like to see an example, one is available for your review here.

Now evaluate the probability of each risk's occurrence, with a 1 meaning it is unlikely to occur and a 3 meaning it is very likely to occur. Your next step is to rate the impact of the risk's occurrence, with a 1 meaning it would have little to no impact and a 3 meaning it would have a great impact.

The numbers you have assigned for importance of the asset, risk probability, and risk impact are added together to determine an overall risk score. The higher risk scores indicate risks that should be reviewed first.

All risks cannot be addressed, as any organization must cope with limited resources and the need to function. However, an organization can use its Impact Analysis to determine critical risks for further consideration.

Form: Impact Analysis

Form: Impact Analysis Example