Risk Ranking and Mitigation

How to Rank Programme Risks

Individually rank each risk identified according to its frequency/likelihood and its severity.    
Enter information into white cells.  Shaded cells will calculate automatically.

Step 1 – Rank the frequency/likelihood of a given risk from 1 to 4 using these criteria:

4 = Very Likely - Almost certain to occur over the life of the project (or a 10 year period - whichever is shorter)
3 = Likely - Probably will occur during a 10-year period
2 = Unlikely - Probably will NOT occur during a 10-year period
1 = Very Unlikely - Almost certain NOT to occur during a 10-year period

Step 2 – Rank the severity of a given risk from 1 to 4 using these criteria:

4 = Very High – Would prevent goals and objectives from being achieved
3 = High – Would cause significant problems or delays in objectives being achieved
2 = Medium – Would cause relatively minor problems or delays in objectives being achieved
1 = Low – Would probably not affect project implementation

Step 3 – Compute the average frequency/likelihood and average severity ranking for each risk category. 

The risk assessment tool will calculate and display these averages automatically.

Step 4 – Add the average frequency/likelihood and severity ranking for each risk category.

The risk assessment tool will calculate and display these sums automatically.

Step 5 – Determine whether each risk category is high, medium, or low according to the following thresholds:

6-8 High Risk (red) – You should have a detailed mitigation action and perhaps consider modifying your goals and objectives
4-5 Medium Risk (yellow) – You should have a clearly defined mitigation action
1-3 Low Risk (green) – No mitigation action required (or a very basic action if you think it is necessary)

The risk assessment tool will determine and display whether each risk is high, medium or low automatically.
High risks categories will automatically turn cells red, medium risks will automatically turn yellow, and low risks will automatically turn green.

How to develop Risk Mitigation Actions

For risks that are essentially internal (e.g. Capacity, Leadership, Partners) you should focus on taking action to reduce the risk.  
For risks that are external to the project (e.g. Political, Economic) your response will more likely be to develop contingency plans and monitor the risks.

Your overall risk mitigation strategy should be simple, clear and manageable with the resources available.