Risk Severity: Definition, Calculation, and Reduction

Risk Severity is often taken into account when you are performing risk management. Whether dealing with small or big risks, it is essential to know the Severity of each to create an effective Risk management strategy. In this article, we go deeper into the meaning of Risk severity, how to determine it and what to do about it.

What is Risk Severity?

Risk Severity (also called Risk Impact) is the expected harm or adverse effect that may occur due to exposure to the Risk. In other words, it measures how bad things could get if a particular Risk materializes.

When the Risk Severity is high, it means that the potential harm is also high, and, as a result, more attention and resources should be devoted to managing that Risk. Conversely, when the Risk Severity is low, the potential harm is also considered low, and less attention may be needed to manage it.

Describing the Risk Severity with the Ordinal Scale

One of the most common ways to describe Risk Severity is using an ordinal scale. This is because it’s often difficult, if not impossible, to quantify the amount of harm that might occur precisely. An ordinal scale is a way of ranking something in order from least to most severe.

An example of an ordinal scale of 5 is:

• 1 = Negligible: The Risk is so small that the team can ignore it.
• 2 = Low: The Risk is insignificant and can be managed with routine procedures.
• 3 = Medium: The Risk is significant but manageable with additional controls or mitigations.
• 4 = High: The Risk is severe and requires immediate attention and action.
• 5 = Maximum: The Risk is intense and needs to be addressed.

How do you determine the Risk Severity?

There are several impacts that a Risk can have on a project. For example, it can cause delays, cost overruns, or failure. With this, calculating the Risk Severity will differ for each aspect of the project.

• Delays may be measured on the time that has passed after the deadline.
• Cost overruns are usually measured in percentage.
• Performance is often measured in terms of the objectives that were not met.

As you can see, the Risk Severity is different depending on the perspective from which it’s being measured. You could quantify the ordinal scale using percentages, time or cost overruns. This way, overlap may occur.

For example, a delay of 1 day (2%) may be considered low Severity, but if that delay causes the project to go over budget, the cost overrun would be regarded as high Severity.

Risks can therefore be delegated to several Risk Domains and analyzed by several departments to decide how the Risk will impact their part of the project.

The Risk Severity for rocket failure is lower when the payload of a rocket is CubeSats compared to Astronauts

Why is Risk Severity important for Risk Management?

Risk Severity helps to prioritize Risks to perform risk management. A Risk with a high Impact will typically be more important than a Low Impact. However, Risk Severity is only one factor that should be considered when prioritizing Risks. The other important factor is the Risk Likelihood. Knowing both, you can create a Risk Matrix and calculate a Risk Magnitude (Risk Likelihood x Risk Impact).

Factors that can affect Risk Severity

Several factors can affect Risk Severity. Here are some examples:

• Size: The size of the project can affect Risk Severity. A bigger team and a bigger budget typically mean failure will be more severe.
• Complexity: The complexity of the project can also affect Risk Severity. When a project is complex, going wrong can have a domino effect and cause even more problems.
• Importance: The importance of the project can also affect Risk Severity. A small risk that can have big consequences for the people involved.

Importance of Risk Severity assessment

Knowing the Risk Severity will help you take appropriate actions for Risk Mitigation. Understanding the Risk Severity helps identify the losses you could experience if the Risk materialises. If the Risk Severity is low, you may not need to take any action, and if it’s high, you will need to take more aggressive actions.

How to Mitigate Risks by reducing their Risk Severity?

Depending on the type of Risk you are dealing with, you can reduce its Severity. Aspects you can look at are:

• Material: Change the material.
• Design: Change the design or configuration.
• Process: Change the process.
• Work environment: Improve the work environment.
• Training: Provide more training to employees or change the training program.
• Communication: Improve communication between departments or between the company and its stakeholders.
• Change the planning: Change deadlines, milestones, or the sequence of activities.
• Get more funding: Get more money to cover unexpected costs.
• Cancel the project: If the Risk is too high, you may need to cancel the project.

Tracking Risk Severity with the eRISK module of ECLIPSE Suite

The eRISK module of the ECLIPSE Suite can be used to track Risk Severity. It’s a web-based application that offers a secure and collaborative environment to manage projects. The eRISK module lets you create a Risk Register where you can track the Risks of your project. You can assign each Risk a severity level and track the Risk Severity over time. If you want to learn more about the eRISK module of ECLIPSE Suite, contact us today for a free demo.