# How to Define Risk Probabilities and Impacts

Once you have identified your risks, to help manage your risks, you need gather additional information about the risk. It is easy to think of this information as answering the question “Who, What, When, Where and How. Let’s use one of Hollywood’s most know risk takers Indiana Jones. In this case we can imagine that Indiana Jones is on another mission to recover an ancient artifact and has the risk “Unwanted encounter with the Maniacal Nazi Scientist”. Here is how he might define the risk in a risk register.

1. Enter the risk in the risk register “Unwanted encounter with the Maniacal Nazi Scientist”.
2. Identify risk properties. For example, risk ““Unwanted encounter with the Maniacal Nazi Scientist” will occur only when Indiana Jones is in enemy’s airport just before the plane takes off; Indiana Jones will be an owner and manager of this risk; he is the one man in the airport, and nobody can help him. From this information, Indiana Jones can add also the location and expected time when the risk could occur.
3. Select which risk categories this risk will impact. The same risk may affect different categories with different impacts. In this case it is duration and safety; we doubt that Indiana Jones had any concerns about cost, environment, or public relations.
4. Each category may have different impact type. Impact type is what exactly may happen if risk occurs. In our case we can define the type of impact for the impact type related to category project duration:
a. Relative delay, for example task is delayed on 20%, if risk is occurred
b. Fixed delay, or task delay on 5 days