The risk assessment

From RISKID Manual
Jump to: navigation, search

A standard risk assessment session in RISKID consists of the following steps:

Session flow.png


We will explain every step in detail in the following chapters. When you start a prepared session or continue a current session, you will find yourself in the risk assessment session.

Brainstorm

The first step in the risk assessment process is the identification/brainstorm of the risks by the participants. As long as the session is still live (you have not deleted it), participants can log back in whenever he/she wants to add new risks. This way participants have the freedom to brainstorm anywhere, anytime and input his/her ideas in RISKID in an extremely simple way. The participant has to use the exact same username/email to log back in, else the system cannot make a link between him/her and the items he/she already inputted before. As a result the participant cannot edit his/her own items and if the facilitator has set the risk assessment as a private session (participants can only see their own items), he/she can also not see his/her own items anymore.

Brainstorm about the risks


  1. The first step is to invite the participants to your session. RISKID provides you two ways to do this:
    • Click on the envelope icon at the top right corner of the screen. An invitation e-mail template will be composed via your standard mail client.
    • You can also copy the link location by right-clicking on the session name and send that link to the participants. Participants can login to the session via that login-link.
    • Keep in mind that anyone who has the login-link can get into the session. A more secure login procedure is described at the bottom of this chapter.
  2. This is the topic about which the risks are being brainstormed. You can edit this.
  3. Participants are asked to input every undesirable event separately. So one undesirable event per input.
  4. You can add one or more causes for the undesirable event. Enter every cause separately.
  5. The same procedure holds for adding one or more effects.
  6. Select, if possible, a category for the risk.
  7. Press the "Add" button to submit your input.
    • Your input is now saved in the system. Participants don't need to save or do anything else if they want to stop temporarily and continue at a later time.
    • Extra causes and effects can be added to the risks shown in the right "Submitted items" window. Simply double click a risk to open that risk for editing. Participants can only modify their own risks, and they can add extra causes and effects to risks of others.
    • The facilitator can view the history of each individual risk. To do this you need to double click on a risk and the press the "History" button. All mutations on the risk since its creation will be shown. Participants do not have access to this information.
  8. With this option you can decide if the participants can see each others input or not.
    • Participants do not have this option.
  9. If you have defined multiple topics, the participants can change topic to brainstorm by clicking on "Switch topic".
    • You can also add a new topic or delete a topic. Please note that if you delete a topic all data of that topic will also be deleted.

Secured login procedure: A higher security for the participants login procedure can be achieved if you send participants the following login-link: https://yourdomainname.riskid.nl With this link participants need to fill in the session code by themselves in contrast to the login-link from step 1. The session code can be sent in a separate mail to the participants. Additionally, it is recommended to create a difficult session code or change the code from time to time (do not forget to send the participants the new code). The trade-off of this procedure is a less user-friendly login procedure for participants.

Categorize

Categorize risks


The risks should have been categorized as such if you have defined categories at the brainstorm phase.

  1. If this is not the case or you want to categorize a risk differently, you can simply to this by drag and dropping a risk into a bucket.
    • You can also create a copy of a risk if you find a risk that needs to be categorized in multiple buckets. Open the risk by double-clicking it and then press the "Create a copy" button.
  2. With this button you can add a category.
  3. After clicking on a category you can open up a pop-up menu by clicking on the small black arrow on the right to add or edit your category.
  4. Use the Onderwerp wisselen.png button to switch to next topics. This button is also present in the subsequent steps.

The actions above can only be done by the facilitator (for participants the categorize step is view-only).

Group

In the grouping step similar risks or risks that are related to each other are merged together.

Group similar risks together


Merging risks together can be done in two ways and is a facilitator task (for participants the group step is view-only):

a) Drag and drop the risks that you want to group together into the rectangle with the text "Drop items here to create a group" (you can drop more than 2 items here), after which you can press the "Create Group" button to group the items together.
b) Drag a risk onto another risk to group them together.

N.B Press and hold the "Ctrl" button to select multiple risks to be grouped together.

Result after grouping


  • Open the newly created merged risk by double-clicking it. You can now edit the risk if needed. The group will be labeled with the text of the first risk in the group. If you used the dropbox method, the group will be labeled as the last risk dropped in the box. If you used drag and dropping on the risk, the group will be labeled as the risk that is being dropped on.
  • The causes and effects of every grouped risk will be merged together automatically. So you do not lose any information when grouping.
  • After you have grouped risks together, pay attention to the correctness of the merged causes and effects. Are they still valid after the merge? And edit them accordingly. You should also take care of causes and effects that are similar to each other by deleting the doubles.
  • Use the Onderwerp wisselen.png button to switch to next topics. This button is also present in the subsequent steps.

Evaluate

In this step the participants are asked to evaluate the identified risks on their probability of occurrence and their impact if the risk occurs. You can choose your own impact classes (Finance, Time, Quality, etc.) and evaluation scale (Low, Middle, High or 0 through 5). You can also edit your own score legend, so you can use your own labels for each scale value. The facilitator has to press "Start evaluation" in order for the participants to start voting on the risks of that topic. If you have multiple topics, you have to start the evaluation for each of the topics separately.

N.B. The moment you start the Evaluation round, only the risks that are currently in the system will be taken to the voting form. The risks that are inputted thereafter will not be shown on the voting form. This is to ensure everyone getting the same risks to vote on.

Evaluate the risks in probability and impact(s)


  1. Participants can evaluate each risk on probability and impact by using the slidebar.
  2. A participant can also decide to skip the evaluation of a risk. A reason could be that he/she doesn't know enough about the risk to provide a proper estimation of the risk value and because of that doesn't want to influence the voting result on that particular risk.
  3. Click on "Score legend" to view the explanation of the score values.
  4. The facilitator can decide to skip his entire vote, because he/she is purely facilitating the process. You can do this by pressing the "Skip my vote" button.
    • After having pressed "Skip my vote" you will see the intermediate voting results. See next chapter for an explanation on this.
  5. The button "Save vote" enables you to save your current progress and continue at a later moment. Please make sure to log back in with the exact same email address or username.
    • To prevent loss of information, the system will also automatically save your vote.
    • Each successful save will show a time-stamp. If you do not see a time-stamp behind "Last saved on:" please stop filling out the form. Your Internet connection is most likely disconnected. Make sure you are connected to the Internet again before continuing, else your voting form will not be submitted correctly.
  6. Use the button "Cast ballot" to submit your vote. Make sure you are finished with the voting.

Voting results

The (intermediate) voting result screen is shown either after the facilitator has pressed "Skip my vote" or when he/she cast his/her ballot. The participants get to see a message to wait for further instructions from the facilitator after they have cast their ballot. If the session has multiple topics, the participants can be asked to evaluate the risks of the other topics. Use the topic switcher button for this: Onderwerp wisselen.png. The participants can also be asked to wait till everyone has cast their ballot where after the results can be discussed in a group setting.

Risk evaluation result


RISKID uses the mode function to show the voting results. This means that we are not calculating the mean score for each risk, instead we show you which score value is the most voted on. So for example if for the impact of a risk there are 4 votes for 1 and 8 votes for 5, the system shows that the impact of that risk = 5. The reason for choosing the mode over the mean is as follows. It would be weird if for example the impact in financial terms for 1 means 100.000 euros and 5 means 150 million, that if we would take the mean for the impact, the impact ends up as 75 million financial damage. You cannot just take the mean for such calculations. Another example would be impact in safety terms: 1 meaning non permanent injury and 5 meaning mortality. It doesn't make any sense to calculate the mean for a risk and end up being half dead...

  1. This is the number of votes that has been casted. You can click on this number to see who has voted and who hasn't. You can use this information to remind the people to cast their vote.
  2. The voting round can be stopped by clicking the button "Finish voting". Press this button if you want to move to the next step of discussing the voting results. Be aware however that once you have pressed "Finish voting" no votes can be casted anymore.
  3. This is the risk rating which is equal to the probability times the sum of the impacts. You can sort the list of risks on this number.
  4. The weight is composed from the colors of the risks in the risk matrix. For example if the voting result shows that the risk in Financial terms is in the red and in Time terms in the yellow, the weight value will be a rectangle (a medal) with one red block and one yellow block. We have assigned the numerical value of 100 to red , 10 to yellow and 1 to green. This way we can do a medal ranking between the risks. A red block (gold) has 10 times more value than a yellow one (silver), which in turn is 10 times more valuable than green one (bronze). We do this because our standard risk matrix is not symmetrical. A risk with a low probability, but with a catastrophic impact (probability: 1 and impact: 5) is assigned a yellow color, but it may very well be red because we generally find such a risk way more serious than a risk that occurs very often, but without any real harm (probability: 5 and impact: 1). Mathematically both risk has the risk rating of 5 (1x5 or 5x1) which would mean they are both equally important. The ranking after sorting on weight would in most cases fit better to the people's feeling of which are the top risks. In most cases the list would not differ much from sorting on risk rating, but sorting on weight gives you a better overview of which risks are situated in the top left quadrant of the risk matrix. In the picture below the dot will result in a yellow block in the voting result table, the weight column shows the combination of all these blocks for each risk (sum of all weights of the risk).
    The weight of the risk derived from the risk matrix

  5. The tool directs you distinctively to the risks where there is no consensus and thus needs to be discussed under the guidance of a facilitator. This is done via the standard deviation (SD). Based on the probability and impact voting the system calculates the mean deviation of the group. SD values of risks that are higher than this mean SD will have red brackets. This means that the group is not in consensus on the value that that risk has been assigned to. This forms the discussion point for the facilitator to discuss with the group.
  6. When the voting round is stopped, the facilitator can press "edit" to change the values for probability and impacts of that risk according to the discussion. The red standard deviation bracket(s) will be removed and there will be an * behind the risk description to show that the risk has been discussed.
  7. The different risk matrix can be viewed by clicking on the tabs.

Reset voting

When you have stopped the voting round participants cannot give their votes on the risks anymore. However, in some cases you would want to re-open the voting round because you want to give opportunity to some extra participants to vote. Or when the list of risks has been changed (extra risks have been added or grouped some risks together) and you want the participants to give their votes on the new list of risks. To this end, you can use the "Reset voting" button.

Reset the voting round


When you reset the voting round, you have 3 choices to process the existing votes:

  1. The votes will be left untouched. All votes that are submitted remain so and voters that are still in the middle of voting are able to continue when the facilitator has started the voting round again. Choose this option when for example you want to invite extra people to give their votes or when you want to extend the voting deadline.
  2. The votes must be submitted again. All votes, even submitted votes, are re-opened and the voters must log in again to review their votes and submit them. They get their own voting form back that they have submitted before. Choose this option when for example there are some new risks that have been added and you want all participants to give their opinion on those new risks. Or when you want to re-adjust the voting form. Keep in mind that every participant have to re-submit his/her vote again.
  3. The votes will be deleted. All votes are removed and voters must log in again and vote. Choose this option when for example you want to change the voting style or legend.

Controls

When the Evaluation round is finished (the facilitator pressed "Finish voting"), you can add control measures to the (high) risks by simply clicking on them. You will see the measures window where you can add measures and also assign the risk to a risk owner. Participants can also perform these actions.

Define control measures and risk owner(s) for the risks


  1. Add a new measure to the risk by inputting the description of the measure. If possible, provide the actor, status, deadline and start date.
    • When you click on the actor field, you get the option to add a new person or role (if the person you want is not on the list).
  2. From the list you can select multiple persons and/or roles as risk owner.
  3. Causes, effects and comments of the risk can be retrieved and edited as you please or according to the group discussion.
  4. This is the risk score. Click on "Details" to see how the risk score is calculated.

Residual Risk/Target Risk

In this step you can determine the residual/target risk rating of the risks that has at least one control measure. The procedure is the same as for the evaluate step before. However, in this case only the risks with control measures are included in the evaluation of the residual/target risk. Participants are asked to answer the question: what would the risk rating be if the defined measures on that risk are implemented. The risks on this voting form are initially set to the initial risk rating, taken from the previous evaluation result.

Tip: This step can be done in a group discussion setting when you are already together to the discuss the initial voting results. You can then just fill in one voting form (the facilitator one) lead by the discussion. This will significantly speed up the process since the discussion and risk voting parts are taken together.

Overview

In the overview you will see all the identified risks. These are the grouped risks, so it is not the same as the list in the Brainstorm step. You can sort the risks on risk ratings, probability and impact. Tick the checkbox behind a risk in the "Monitor" column to monitor that risk. Only risks that are monitored will be transferred in the RISKID.Monitor module. This is the module where the participants can manage their assigned risks and measures. Explanation of this module can be found in the left menu. In the overview you can open a risk for editing by clicking on it. Finally, you can filter the list on categories.

Overview of all the identified risks


Reports

In RISKID you can generate different types of reports in various formats with one simple click on the Rapport.png button. This button is located on the top right of the screen.

The following types of reports are available:

  1. Excel report of the current risk topic. Select:
    • Excel 2007 (.xlsx)
    • Excel 2003 (.xlsx)
  2. Excel report of all risk topics. Select:
    • Excel 2007 (.xlsx) All sessions
    • Excel 2003 (.xlsx) All sessions
  3. Word report of the session. Select:
    • Overview risks (.rtf). You can open this file in Word.
  4. Overview of the control measures in Excel. Select:
    • Overview measures (.xlsx)
  5. Overview of the votes per person. This can be useful during the discussion of the voting results, because it is often the case that participants don't remember anymore how they voted on the risks. Select:
    • Votes per person (.xlsx)