Posted: Tue Jan 29, 2013 8:24 pm Post subject: Difference between Risk & Impact assessment
Could you please explain me what is Risk Assessment & what is Impact Assessment. As fas as i know both are same. But my new organisation having two document one is for Risk Assessment and one is for Impact Asssessment.
2. Could you please explain how to calculate Risk level. Like Risk level-1, 2, 3 & 4.
Joined: Mar 04, 2008 Posts: 1894 Location: Helensburgh
Posted: Tue Jan 29, 2013 10:11 pm Post subject:
Impact is about things that will happen (like the use of resources or downtime) risk is about things that might happen (like something going wrong or taking longer than predicted).
The simplest way to look at level of risk is to multiply the likelihood by the effect if it happens. What numbers you then assign to a particular level are a function of your company's aversion to risk, but probably anything fairly likely to happen which has severe consequences is probably level 1 and to be avoided. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Joined: Sep 16, 2006 Posts: 3553 Location: London, UK
Posted: Wed Jun 05, 2013 6:07 pm Post subject:
I am extremely puzzled by the types of questions you are asking in regards to Change Management
You have asked what is Risk & Assessment and how to classify
You have asked whether Dev and Test shuld be under change mgmt
You have asked several questions about the basic concpets of ChHange Management
What is even more troubling is that you have indicated that you are in a role of being the Change Manager for a customer / client
First, the obvious question - why ar eyou the CM if you have no knowledge, training or experience doing CM
Second, if this is a consulting role for a client, does your organization not think it is not good to have a CM who is not skilled enough to fulfill the role
Third - this site and other sites are not a substitute for training. While this site acan asnwer specific questions, it is usually about differences of opinion not trying to get free education by asking questions
Finally, when I started in CM, I did not have any experience either. However, what I had was experience in IT Operations seeing the impact of poor or no CM process in place. In addition, I had the ITIL Foundation course.
I also had - what I feel is an important quality for a change manager .
I am a power mad, anal retentive, pedantic dictatorial type control freak.
With this attitude, I realized that I am the one who has to write the policy, process etc and make sure it is well written and very clear.
I admit I used the information in the ITIL books as a guide and where I extrapolated the information to help me write the policy document
You need to have that level of confidence in doing the role of CM for your customer / client.
Also, when you write your first policy document, it will have errors in it because you need to get input and comments from those it impacts.
Remember, all documents are reviewed and changed to reflect the current situation _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
When trying to define Risk & Impact for a Change, think about the "worst" that could happen if the Change is not successful.
Risk relates to what the organization is willing to "absorb" if the Change doesn't go well. Risk factors may be related to: Audit, Operational Stability, Regulatory, Financial, Reputation or Safety. So when assessing Risk, see if it may affect any of those Risk criteria.
Impact relates to "who" may be affected, or impacted if a Change does not go well.... is it a site, or a location, or a group of people using the application?
If you cannot answer any of these questions or if they are simply unknown, then the higher Risk & Impact your Change will be.
You will need to define the numeric value in terms of the Risk being, a High, Medium or Low Risk.
I've mostly seen the number "1" to indicate a high risk or a high severity level for an incident... so I'd stick with that classification.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum