Risk Management Part 7 – Impact Assessment

Once the undesired effects have been determined, and in order to continue with the Risk Analysis, we must assess how much the different clients are impacted. Giving an impact value will help us to understand the type of control that will need to be implemented in the following phases of Risk Analysis.


In the FMEA methodology, impact assessment is known as Severity and it assigns a numerical value that gives us an idea of the impact of the undesired effect.


The severity table used by FMEA defines quantitative end-user impact values and the following process:


End User Severity Following Process
Security / Legal without warning 10 Security without warning
Security / Legal without warning 9 Security with warning
Loss of primary function 8 Waste – 100%
Degradation of primary function 7 Waste –  A portion
Loss of secondary function 6 Reworking – 100%  out of station
Degradation of secondary function 5 Reworking –  A portion outside the station
Appearance – High Discomfort 4 Reworking – 100%  at the station
Appearance – Medium Discomfort 3 Reworking –  A portion at the station
Appearance – Low Discomfort 2 Discomfort
No impact 1 No impact


A qualitative impact assessment criterion can be generated, such as the following:


Impact Criteria
Critical Security / Legal Violations
Major Failure to comply with customer requirements
Moderate Compliance with customer requirements, but with inefficiency (cost)
Minor Non-compliance with internal requirements
Low Full compliance with requirements


Each organization may define the criteria that best suit it, but the requirement is that each Undesired Effect must be assessed at its level of impact (severity).


◄Part 6

comments powered by Disqus