Risk Impact Calculation: Understanding Risk as Likelihood x Impact
Have you thought about the fundamental equation of the probability of the risk?
If you’ve seen an airline in the news recently, it’s probably been another story of a company brought to its knees by technology risk.
For businesses, technology risk is governed by one equation: Risk = Likelihood x Impact. Risk is a measure of the likelihood of an event occurring multiplied by its impact. This means that the total amount of risk exposure is the probability and impact of an unfortunate event occurring. Evaluating a risk involves assessing potential hazards and their impact. If you put a dollar value on the impact, then you can value the risk and in a simple way compare one risk factor to another.
A comprehensive risk assessment helps in identifying and prioritizing risks by evaluating both the probability of occurrence and the severity of potential consequences.
Is the Risk Equation an oversimplification? Sure. But it does provide several useful insights and pinpoints two basic ways to mitigate risk. The first is to reduce the likelihood of unexpected events. The second is to lower their impact on the business. Various methodologies and tools in risk management can be employed to achieve this.
But “Impact” is going up! If you’re a CIO, the problem here is that the impact of a risk is increasing, so technology risk is also increasing. When the right hand side increases, the left hand side increases.
Said another way, technology benefits and deployments have been rising, but so have dependency and risk. Digital technology has never played a more important role in business execution, and nearly every business process is dependent on one or more enterprise systems. Today the Office of the CIO is vital to nearly every process. And as we’ve learned from Delta to Starbucks, when technology glitches occur, business comes to a grinding halt.
Integrating risk management into the project lifecycle is essential to ensure that risks are identified, assessed, and mitigated effectively.
Let’s face it. The Impact term in the equation will continue to grow in the foreseeable future. Mobile, cloud, big data, and new digital platforms are here to stay and the pace of change and innovation is only likely to accelerate. That’s because they offer such enormous potential for businesses. Impact will grow and there’s nothing you can do about it.
The only lever for the CIO is to lower “Likelihood.” The Risk Equation makes it very clear. To lower risk, the best and only lever is to reduce the likelihood of unexpected events, software glitches, and project failures. Understanding the likelihood and severity of the risk is crucial. Fortunately, much of this is within the CIO’s direct control.
Check everything, all night every night. There’s really only one way to be sure that every application and process is ready for business in the morning. You (and your team) need to test it. High speed functional test automation makes it possible to check every process and app on a daily, weekly, or monthly basis. That could mean validating 500,000 process steps daily! As highlighted in a new IDC report, top firms are already applying high speed business process testing for SAP, web applications, mobile and much more, so it’s no longer a new approach.
Fix it fast. If a defect is found overnight or a function is not working as it should, your team can fix it immediately – before a flight or a cup of coffee is impacted.
With automation, you’ll see benefits in months, but full deployment can take two to three years for a complex global enterprise. I won’t kid you. Guaranteeing end-to-end business process quality isn’t easy and it takes a long-term commitment. But companies are doing it.
Managing enterprise systems doesn’t mean you have to accept unnecessary risk to your end-to-end processes. Understanding your risk enables you to design effective risk-response systems. With high velocity test automation it’s possible to lower risk and the likelihood of unexpected events, even as you deploy more advanced technology and cut costs.
You can’t eliminate technology risk altogether. But with the right plan, specialized expertise, 24/7 automation, and a commitment to long term success, you can minimize it. The math is simple.