Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Feedback
· News
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account


The five ITIL books can be obtained directly from the publisher's website:

Or as downloadable PDFs: HERE

Current Membership

Latest: Waynebep
New Today: 12
New Yesterday: 59
Overall: 236313

People Online:
Visitors: 169
Members: 1
Total: 170 .



Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Resources

Service related resources
Service Level Agreement

How to set up
IT Change Management
Process Info-Graphic

NOTE: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


Select Interface Language:

Please contact us via the feedback page to discuss advertising rates.

The Itil Community Forum: Forums

ITIL :: View topic - Difference between Risk & Impact assessment
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Difference between Risk & Impact assessment

Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message

Joined: Jun 10, 2012
Posts: 26

PostPosted: Tue Jan 29, 2013 8:24 pm    Post subject: Difference between Risk & Impact assessment Reply with quote


Could you please explain me what is Risk Assessment & what is Impact Assessment. As fas as i know both are same. But my new organisation having two document one is for Risk Assessment and one is for Impact Asssessment.

2. Could you please explain how to calculate Risk level. Like Risk level-1, 2, 3 & 4.

Back to top
View user's profile
Senior Itiler

Joined: Mar 04, 2008
Posts: 1894
Location: Helensburgh

PostPosted: Tue Jan 29, 2013 10:11 pm    Post subject: Reply with quote

Impact is about things that will happen (like the use of resources or downtime) risk is about things that might happen (like something going wrong or taking longer than predicted).

The simplest way to look at level of risk is to multiply the likelihood by the effect if it happens. What numbers you then assign to a particular level are a function of your company's aversion to risk, but probably anything fairly likely to happen which has severe consequences is probably level 1 and to be avoided.
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Back to top
View user's profile Send e-mail

Joined: Jun 10, 2012
Posts: 26

PostPosted: Wed Jun 05, 2013 5:09 am    Post subject: Reply with quote

Could you please brief more about Risk Level one by one.

Risk Level 1 --------
Risk Level 2--------
Risk Level3--------
Risk Level 4--------
Back to top
View user's profile
Senior Itiler

Joined: Sep 16, 2006
Posts: 3607
Location: London, UK

PostPosted: Wed Jun 05, 2013 6:07 pm    Post subject: Reply with quote


I am extremely puzzled by the types of questions you are asking in regards to Change Management

You have asked what is Risk & Assessment and how to classify
You have asked whether Dev and Test shuld be under change mgmt
You have asked several questions about the basic concpets of ChHange Management

What is even more troubling is that you have indicated that you are in a role of being the Change Manager for a customer / client

First, the obvious question - why ar eyou the CM if you have no knowledge, training or experience doing CM
Second, if this is a consulting role for a client, does your organization not think it is not good to have a CM who is not skilled enough to fulfill the role
Third - this site and other sites are not a substitute for training. While this site acan asnwer specific questions, it is usually about differences of opinion not trying to get free education by asking questions

Finally, when I started in CM, I did not have any experience either. However, what I had was experience in IT Operations seeing the impact of poor or no CM process in place. In addition, I had the ITIL Foundation course.
I also had - what I feel is an important quality for a change manager .

I am a power mad, anal retentive, pedantic dictatorial type control freak.

With this attitude, I realized that I am the one who has to write the policy, process etc and make sure it is well written and very clear.

I admit I used the information in the ITIL books as a guide and where I extrapolated the information to help me write the policy document

You need to have that level of confidence in doing the role of CM for your customer / client.

Also, when you write your first policy document, it will have errors in it because you need to get input and comments from those it impacts.

Remember, all documents are reviewed and changed to reflect the current situation
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile

Joined: Jul 08, 2015
Posts: 11

PostPosted: Thu Jul 09, 2015 6:24 am    Post subject: Reply with quote

When trying to define Risk & Impact for a Change, think about the "worst" that could happen if the Change is not successful.

Risk relates to what the organization is willing to "absorb" if the Change doesn't go well. Risk factors may be related to: Audit, Operational Stability, Regulatory, Financial, Reputation or Safety. So when assessing Risk, see if it may affect any of those Risk criteria.

Impact relates to "who" may be affected, or impacted if a Change does not go well.... is it a site, or a location, or a group of people using the application?

If you cannot answer any of these questions or if they are simply unknown, then the higher Risk & Impact your Change will be.

You will need to define the numeric value in terms of the Risk being, a High, Medium or Low Risk.

I've mostly seen the number "1" to indicate a high risk or a high severity level for an incident... so I'd stick with that classification.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.