Risk Management Part 7 – Impact Assessment
Once the undesired effects have been determined, and in order to continue with the Risk Analysis, we must assess how much the different clients are impacted. Giving an impact value will help us to understand the type of control that will need to be implemented in the following phases of Risk Analysis.
In the FMEA methodology, impact assessment is known as Severity and it assigns a numerical value that gives us an idea of the impact of the undesired effect.
The severity table used by FMEA defines quantitative end-user impact values and the following process:
|End User||Severity||Following Process|
|Security / Legal without warning||10||Security without warning|
|Security / Legal without warning||9||Security with warning|
|Loss of primary function||8||Waste – 100%|
|Degradation of primary function||7||Waste – A portion|
|Loss of secondary function||6||Reworking – 100% out of station|
|Degradation of secondary function||5||Reworking – A portion outside the station|
|Appearance – High Discomfort||4||Reworking – 100% at the station|
|Appearance – Medium Discomfort||3||Reworking – A portion at the station|
|Appearance – Low Discomfort||2||Discomfort|
|No impact||1||No impact|
A qualitative impact assessment criterion can be generated, such as the following:
|Critical||Security / Legal Violations|
|Major||Failure to comply with customer requirements|
|Moderate||Compliance with customer requirements, but with inefficiency (cost)|
|Minor||Non-compliance with internal requirements|
|Low||Full compliance with requirements|
Each organization may define the criteria that best suit it, but the requirement is that each Undesired Effect must be assessed at its level of impact (severity).