Calculating or quantifying risk, as opposed to qualifying risk, is essential if you want to accurately prioritise the risks your organisation faces, and ultimately control them down to acceptable or tolerable levels.
Calculating risk values or risk scores gives you an actual measure of risk instead of simply recognising a risk is present.
With two key numerical pieces of information; probability and impact, you can quantify any risk event (sometimes called top event).
This is fine if for example your company consists of a single or couple of departments, but what if, like many organisations, you have complex command structures, multiple departments, numerous domains and various locations? How do risks in one downstream department manifest in upstream departments?
This article attempts to show you how you can calculate risk in multi domain organisations which in turn will help you foster an all round more efficient enterprise risk management system.