Taxonomies Tools & Techniques Training Examples
Tools & Techniques
Acquisition Risk Management Risk Prioritization
Reference: Franklin, C. E., Lt. Gen (USAF) Commander ESC, January Memorandum for ESC Program Managers, ESC/CC, Risk Management, Department of the Air Force, Headquarters ESC (AFMC) Hanscom Air Force Base, MA.
Operational Risk Management Risk Prioritization
Reference: Pocket Guide to Operational Risk Management
Other Priority Definitions
Definition: The Impact Score of an identified risk is the average of the three equivalent numerical values associated with the risk impact ratings selected for the three impact areas Cost, Schedule, and Technical Performance.
Definition: The Risk Score (equation 1) of an identified risk is the weighted average of the equivalent numerical values associated with the risk's Probability, Impact Score, and Timeframe.
In equation 1, U1 is the risk's Probability with importance weight w1, U2 is the Impact Score with importance weight w2, and U3 is the equivalent numerical value for the risk's Timeframe with importance weight w3. Furthermore, the weights sum to unity; that is, w1 + w2 + w3 = 1.
Definition: If the impact of a risk to a project on Cost, Schedule, Technical Performance is such that it would cause project termination, then it is rated Severe and the Impact Score defaults to its maximum numerical value of one.
Definition: Risk Score is defined to be equal to one if the Impact Score is equal to one (refer to equation 1).
Definition: The overall Rating for Impact and Risk Priority is defined as follows:
The table below summarizes the results of the scoring and risk ranking process described above.
Risk Score is used to rank a risk's priority relative to the other identified risks. The risk with the highest risk score is ranked first in priority, the risk with the next highest risk score is ranked second in priority and so forth. The closer the risk score is to one the higher the priority; the closer a risk score is to zero the lesser the priority.
Reference: Garvey, Paul R., "Implementing a Risk Management Process for a Large Scale Information System Upgrade - A Case Study", INCOSE Insight, May 2001, p.7-8.