Risk Score = Likelihood Rating x Impact Rating
Likelihood
| Assessment | Rating | Description | Indicator | Immediate chance of occurring |
| Very likely | 5 | expected in most circumstances | multiple times a year | > 99% |
| Likely | 4 | will probably occur in most circumstances | once a year | > 50% |
| Possible | 3 | might occur at some time | once within 3-5 years | > 30% |
| Unlikely | 2 | could occur occassionally | within 10 years | < 30% |
| Rare | 1 | may occur in exceptional circumstances | within 25 years | <1% |
Impact
| Assessment | Rating | Finance | Compliance | People | Reputation | Operations |
| Breach resulting in: | not inclusive | |||||
| Severe | 5 | > $3.5 M | Material sanctions, fines, penalties | Loss of several key leaders and/or multiple critical staff Long term impact on staff engagement |
Long -term wide spread media coverage, major long-term impact | Complete disruption unplanned outage > 2 weeks widespread staff/visitor safety at risk |
| Major | 4 | > $1 M | Signifiant sanctions etc | Loss of few key leaders and/or a critical staff Medium term impact on staff engagement |
Medium -term wide spread media coverage, short-term impact | widespread disruption unplanned outage > 5 days some staff/visitor safety at risk |
| Moderate | 3 | ~ $500 K – $1.0 M | some penalties/fines | Loss of one key leader Medium term impact staff engagement |
Short -term localized media coverage, Short-term impact | minimual disruption unplanned outage > 1 day local staff/visitor safety at risk |
| Minor | 2 | ~ $100K – $500K | Immaterial fines | Loss of identifed successor of key leader, miminal impact staff engagement | Medium -term localized media coverage, medium-term impact | local disruption unplanned outage couple hours minimual staff/visitor safety at risk |
| Insignificant | 1 | < $100K | nothing | Nominal impact staff engagement | No media coverage, minimual impact | no risk |