Risk Management - Standard Process/Definitions: Probability of Occurence

For additional information on risk management best practices and lessons learned, please see the Risk Management topic and articles in the online MITRE Systems Engineering Guide.

Acquisition Risk Management Probability Definitions
The risk rating is based on the probability of impact and the level of impact (manual mapping approach):

Probability of Occurrence
0 - 10%	or	Very unlikely to occur
11 - 40%	or	Unlikely to occur
41 - 60%	or	May occur about half of the time
61 - 90%	or	Likely to occur
91 - 100%	or	Very likely to occur

The probability is a single percentage number and does not have to be exact as long as the group applies a consistent approach to estimating the probabilities for all the risks.

Make sure everyone is in agreement before moving on or get a decision from the program manager.

Reference: Risk Matrix User's Guide, Version 2.2, by Pamela E. Engert and Zachary F. Lansdowne, Mitre Document MP99B0000029, November 1999, The MITRE Corporation

Operational Risk Management Probability Definitions

Frequent - Occurs often in career/equipment service life. Everyone exposed. Continuously experienced.
Likely - Occurs several times in career/equipment service life. All members exposed. Occurs frequently.
Occasional - Occurs sometime in career/equipment service life. All members exposed. Occurs sporadically, or several times in inventory/service life.
Seldom - Possible to occur in career/equipment service life. All members exposed. Remote chance of occurrence; expected to occur sometime in inventory service life
Unlikely - Can assume will not occur in career/equipment service life. All members exposed. Possible, but improbable; occurs only very rarely.

Reference: Pocket Guide to Operational Risk Management

Other Risk Management Probability Definitions
The associated risk event represents a future event that may occur. When we assess the probability a risk may occur, we are technically assessing a conditional probability; that is,

0 < Prob (A|B) < 1

where, A is the Associated Risk Event and B is the Condition Present. The following table provides a guide for assessing risk event probabilities.

Risk Event Probability	Interpretation	Rating
> 0 - <= 0.05	Extremely sure not to occur	Low
> 0.05 - <= 0.15	Almost sure not to occur	Low
> 0.15 - <= 0.25	Not likely to occur	Low
> 0.25 - <= 0.35	Not very likely to occur	Low
> 0.35 - <= 0.45	Somewhat less than an even chance	Medium
> 0.45 - <= 0.55	An even chance to occur	Medium
> 0.55 - <= 0.65	Somewhat greater than an even chance	Medium
> 0.65 - <= 0.75	Likely to occur	High
> 0.75 - <= 0.85	Very likely to occur	High
> 0.85 - <= 0.95	Almost sure to occur	High
> 0.95 - < 1	Extremely sure to occur	High

A risk event that is certain not to occur has, by definition, probability equal to zero. In this case, we say the risk event does not exist. The table above does not assign a categorical rating (i.e., High, Medium, or Low) to a risk event that is certain not to occur. A risk event that is certain to occur has, by definition, probability equal to one. In this case, we say the event is no longer a risk; on the IS upgrade, it is considered an issue that presently exists on the project. The above table does not assign a categorical rating (i.e., High, Medium, or Low) to a risk event that is certain to occur.

Reference: Garvey, Paul R., "Implementing a Risk Management Process for a Large Scale Information System Upgrade - A Case Study", INCOSE Insight, May 2001, p.5.