The effect of uncertainty on objectives, commonly referred to as risk, is assessed using two key measures: likelihood (probability of occurrence) and impact (severity of consequences). Together, these metrics form the basis of most risk assessment methodologies.
Key Points About Likelihood and Impact:
Likelihood: Measures the probability or frequency of a risk event occurring.
Impact: Measures the severity of the consequences if the risk event occurs.
Application in Risk Management:
The COSO ERM Framework and ISO 31000 emphasize assessing both likelihood and impact to evaluate and prioritize risks.
Risk = Likelihood × Impact is a common formula used in risk scoring and heat maps.
Why Option A is Correct:
Likelihood and impact are the two standard measures used to evaluate the effect of uncertainty on objectives.
Why the Other Options Are Incorrect:
B. Probability and consequence: These terms are similar to likelihood and impact but are less commonly used in risk management terminology.
C. Certainty and effect: Certainty is the opposite of uncertainty, and "effect" is not a measure but a result.
D. Accuracy and precision: These relate to measurement quality, not risk evaluation.
References and Resources:
ISO 31000:2018 – Highlights the use of likelihood and impact in risk assessments.
COSO ERM Framework – Provides methodologies for evaluating risks using likelihood and impact.
NIST RMF – Uses likelihood and impact as part of risk assessment and prioritization.
