Summary Risk Profile

A Summary Risk Profile is a simple mechanism to increase the visibility of risks; it is a graphical representation of information normally found on an existing Risk Register.  In some industry sectors it is referred to as a risk map.  The project manager or risk manager needs to update the Risk Register on a regular basis and then regenerate the graph, showing risks in terms of probability and impact with the effects of mitigating action taken into account.  The Summary Risk Profile illustrated below shows all key risks as one picture, so that managers can gain an overall impression of the total exposure to risk.  It is essential for the graph to reflect current information as documented in the Risk Register.  The profile must be used with extreme care and should not mislead the reader.  If an activity has over 200 risks it will be impractical to illustrate all of the risks.  It will be more appropriate to illustrate the top 20 risks, for example, making it clear what is and is not illustrated.

A key feature of this picture is the risk tolerance line, indicated here as a bold line.  It shows the overall level of risk that the organisation is prepared to tolerate in a given situation.  If exposure to risk is above this line, managers can see that they must take prompt action such as upward referral of relevant risks.  Setting the risk tolerance line is a task for experienced risk managers; it reflects the organisation’s attitudes to risk in general and to a specific set of risks within a particular project.  The parameters of the risk tolerance line should be agreed at the outset of an activity and regularly reviewed.

The use of RAGB  (Red, Amber, Green, Blue) status can be useful for incorporating the status reporting from Risk Registers into risk profiles, and can provide a quick and effective means of monitoring