How should we estimate impact?
Impact (sometimes called Risk Severity) is the expected harm or adverse effect that may occur due to exposure to the Risk. In other words, it measures how bad things could get if a particular Risk occurs. Whilst you will typically focus on highest impact risks, do not forget that what may be a lower impact risk can change to a very high impact risk because of the possible connection between it happening and triggering the occurrence of other risks. One low impact risk may lead to another and another so that the cumulative impact becomes extreme or catastrophic.
Description | Score | Impact on Organisation's service and reputation |
Insignificant | 1 | No impact on service or reputation |
Minor | 2 | Little impact on service or reputation |
Moderate | 3 | Some service disruption, complaints or litigation probable |
Major | 4 | Service disrupted, complaints or litigation probable |
Extreme/Catastrophic | 5 | Service disrupted, major litigation or reputational damage likely, loss of confidence in Organisation |
Use this as a simple guide to quantify your Risks. It isn’t a precise science – the key thing is that you are able to prioritise the threats that face you and devise strategies to combat them.