Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: ZUEG
New Today: 5
New Yesterday: 54
Overall: 145981

People Online:
Visitors: 63
Members: 1
Total: 64 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Risk and Impact definition?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Risk and Impact definition?

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
Fredizz
Newbie
Newbie


Joined: Sep 22, 2006
Posts: 11

PostPosted: Tue Sep 26, 2006 9:49 pm    Post subject: Risk and Impact definition? Reply with quote

Is there any difference in the way you define and measure the risk and the impact?
How would you define the difference between them if there is one?
Is there a way to "calculate" them, so i would be able to implement it in my organisation.
Back to top
View user's profile
fighter
Senior Itiler


Joined: Mar 15, 2006
Posts: 68
Location: Thailand

PostPosted: Wed Sep 27, 2006 12:43 pm    Post subject: Reply with quote

Fredizz,

Impact is the step by step analysis of the Risk involved in the change.

Impact can be impact on no of users, Configuration Item likely to be impacted by the change, Implementation complexity & Change Complexity, If the change tested, Backout is tested to name a few...

You can grade them from the scale of 1 - 10 .... the higher the grade the higher the risk..

Hope it helps..

Vimzie!!
Back to top
View user's profile
m_croon
Senior Itiler


Joined: Aug 11, 2006
Posts: 262
Location: Netherlands

PostPosted: Wed Sep 27, 2006 4:11 pm    Post subject: Reply with quote

fighter wrote:
Impact can be impact on no of users, Configuration Item likely to be impacted by the change, !

In other words: Impact is the (weight of the) effect that occurs when a risk becomes reality.
Back to top
View user's profile Visit poster's website
Fredizz
Newbie
Newbie


Joined: Sep 22, 2006
Posts: 11

PostPosted: Wed Sep 27, 2006 8:48 pm    Post subject: Impact and risk definition? Reply with quote

So if i understand quite well, you mean that the impact description will define the level of the risk, for example:

(Impact description) number of users affected + metal of application affected+availability affected+....=Risk level (high, medium,small)

So risk description=impact description, am i correct?
Back to top
View user's profile
m_croon
Senior Itiler


Joined: Aug 11, 2006
Posts: 262
Location: Netherlands

PostPosted: Thu Sep 28, 2006 4:35 am    Post subject: Re: Impact and risk definition? Reply with quote

Fredizz wrote:
So if i understand quite well, you mean that the impact description will define the level of the risk, for example:

(Impact description) number of users affected + metal of application affected+availability affected+....=Risk level (high, medium,small)

So risk description=impact description, am i correct?


I'm afraid my lack of English is getting in the way. Let's say that the risk is "fire". The impact on the central IT department with server room (many or all users potentially affected) is a different one than the impact on a different /decentralized location (only local users affected). your counter measures in case the risk actually occurs should therefor be different when the fire occurs in the central dept as compared to a localized fire. Maybe not the best example. Impact can be defined as users, money, business continuity etc.

Does this make it clearer?
Back to top
View user's profile Visit poster's website
fighter
Senior Itiler


Joined: Mar 15, 2006
Posts: 68
Location: Thailand

PostPosted: Thu Sep 28, 2006 12:03 pm    Post subject: Reply with quote

I agree with m_croon

Cannot put it any better!
Back to top
View user's profile
Fredizz
Newbie
Newbie


Joined: Sep 22, 2006
Posts: 11

PostPosted: Thu Sep 28, 2006 6:25 pm    Post subject: Reply with quote

Wink That's perfectly clear, my next question will be, are those 2 values linked or tighted together or rather, can their value differ?

Can you give an example whether risk will be high and the impact low
and the impact high but the risk low?

and then i'll promise i'm done with this subject...
Back to top
View user's profile
fighter
Senior Itiler


Joined: Mar 15, 2006
Posts: 68
Location: Thailand

PostPosted: Thu Sep 28, 2006 6:34 pm    Post subject: Reply with quote

Ok think about this scenario..

You have software for your organisation no of users is only 10 and revenue is $100K each day on these system and Availability is 24*7.

Impact on no of users 10. which is quite low.

Impact on Revenue is $100k each day

The over all risk is high here...

There might be a internal HR system which ever user accesses lets say 10000 and the revenue generated out of the system is $0. Ofcourse there are other values the system generates.

The risk on this system is low..

Hope this helps!

Vimzie!!
Back to top
View user's profile
Fredizz
Newbie
Newbie


Joined: Sep 22, 2006
Posts: 11

PostPosted: Thu Sep 28, 2006 7:10 pm    Post subject: Reply with quote

Ok, that make sense, however you'll agree that most likely if the impact is high then the risk should be in most of the cases high too.
Back to top
View user's profile
fighter
Senior Itiler


Joined: Mar 15, 2006
Posts: 68
Location: Thailand

PostPosted: Thu Sep 28, 2006 8:28 pm    Post subject: Reply with quote

Yes Fredizz, you are right.. In most cases if the impact is high, risk is high as well...

Vimzie!
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3314
Location: London, UK

PostPosted: Fri Sep 29, 2006 10:18 pm    Post subject: Reply with quote

Risk and Impact will not necessary follow the same scale.

So a High Risk High Impact may occur as well as a Low Risk High Impact and everything in between

The fire analogy was pretty good.

Use Impact as the effect on the users
Use Risk to determine the chance of Impact happening as well as any consequences.

I will use the water balloon scenario.

You have 10 water balloons. You are tossing them one at a time from your apartment

To the fellow walking below, there is a chance of the baloon IMPACTing on him

To the person dropping the balloon, there is RISK of getting caught and getting the crap beat out of you by the fellow below or your parents .... grin
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.