Risk velocity is the time to impact. Think of velocity as an estimate of the time frame within which a risk may occur.
When the velocity is low, we have more time to respond to the risks. For a threat, we may take steps to reduce the probability and impact. The risk owner has time to develop a contingency plan (i.e., a plan we will execute if the risk occurs) and a fallback plan (i.e., a plan we will execute if the contingency plan fails).
If the velocity is very high, threats strike quickly. Thus, these risks are more likely to become issues, costing more time and money. Here are some causal factors for high-velocity risks:
Imagine that two risks have a risk score of 20 on a scale of 25. But Risk A will likely to occur in a two to three weeks where Risk B will take at least six months. Which risk merits your attention most? See the difference?
A classic way to conduct qualitative risk analysis is to rate probability and impact. For example, on a scale of 1 to 5, we might rate the probability of a risk as 4 and impact as 5. We multiply these ratings to get the risk score of 20.
Optionally, individuals can also include risk velocity in the ratings.
Here is a suggested formula:
(Probability + Velocity) x Impact = Risk Score
Let’s assume the velocity is rating as 4. For the previous example, the risk score for would be:
(4 + 4) x 5 = 40
Consider the following risks:
Notice how the velocity ratings provide an important element in evaluating risks. Although Risks A and D have the same probability and impact ratings, Risk A is of greater concern since it will likely occur much sooner.
Risk managers and project managers should keep risk management as simple as possible. Adding velocity may be worthwhile for an Enterprise Risk Management Program or for larger, more complex projects. Weigh the cost/benefit of adding the risk velocity to your risk evaluation process.