Risk Assessment Decision Frameworks

Risk assessment frameworks exist because human intuition is notoriously poor at evaluating probability and impact. We overweight dramatic risks (plane crashes) and underweight mundane ones (car accidents). We conflate frequency with magnitude. These cognitive biases lead to misallocated resources and preventable failures.

Structured risk frameworks counteract these biases by decomposing risk into measurable components. FMEA (Failure Modes and Effects Analysis) systematically catalogs every way something can fail, scores severity, occurrence, and detectability, then multiplies them into a Risk Priority Number. Risk matrices plot probability against impact on a grid to visualize the risk landscape. Monte Carlo simulation runs thousands of scenarios with varying assumptions to produce probability distributions of outcomes.

SolveRight implements 16 risk assessment frameworks that analyze your decision's risk profile from multiple angles. The engine identifies risk factors from your decision description — market risks, technical risks, operational risks, financial risks — and scores each option's exposure. Contradiction detection highlights when one framework rates an option as low-risk while another flags it as high-risk, revealing hidden risk dimensions.

16 frameworks in this category

All Risk Assessment Frameworks

Risk Assessment Matrix

Maps risks by probability and impact to quantify overall risk exposure

qualitative-impactmedium

Scenario Planning

Evaluates best-case, worst-case, and most-likely outcomes

qualitative-impactmedium

Execution Feasibility Assessment

Assesses practical ability to implement each option successfully

qualitative-impactlow

Reversibility Assessment

Evaluates how easily a decision can be undone if it fails

qualitative-impactlow

FMECA (Failure Mode, Effects, and Criticality Analysis)

Extends FMEA with criticality ranking based on failure probability and consequence severity

multiplicativehigh

Bow-Tie Analysis

Maps causes, controls, and consequences of a hazard event in a single visual model

qualitative-impactmedium

Fault Tree Analysis (FTA)

Deductively analyzes combinations of events leading to a specified undesired top event

probabilistichigh

Event Tree Analysis (ETA)

Models possible outcomes following an initiating event through sequential barrier successes and failures

probabilistichigh

Monte Carlo Simulation

Generates probability distributions of outcomes under uncertainty via thousands of random iterations

probabilistichigh

Bayesian Network Analysis

Models complex interdependent risk factors using probabilistic graphical models

probabilistichigh

FAIR (Factor Analysis of Information Risk)

Quantifies cyber and operational risk in financial (dollar) terms using loss decomposition

probabilistichigh

RCSA (Risk and Control Self-Assessment)

Assesses inherent risks, control effectiveness, and residual risks within business processes

qualitative-impactmedium

RAID Log

Tracks four categories of project uncertainty (Risks, Assumptions, Issues, Dependencies) simultaneously

multiplicativelow

Business Impact Analysis (BIA)

Assesses impact of business function disruptions and determines recovery priorities

quantitative-formulamedium

Cross-Impact Analysis

Analyzes how occurrence of one event changes probability of other events

probabilistichigh

Delphi Method

Achieves expert consensus on uncertain future events through iterative anonymous rounds

probabilisticmedium

Which Framework Should I Use?

I need a quick risk assessment — which framework is simplest to apply?

A probability-impact risk matrix is the fastest starting point — plot each risk on a 5x5 grid of likelihood vs. severity. For more rigor, FMEA adds a third dimension (detectability) that catches risks you might overlook because they are hard to detect before they cause damage. SolveRight runs both automatically.

When should I use Monte Carlo simulation instead of deterministic risk scoring?

Use Monte Carlo when your inputs have ranges rather than point estimates — for example, 'project cost will be between $500K and $800K.' Monte Carlo runs thousands of scenarios sampling from those ranges and produces a probability distribution of outcomes, showing not just the expected result but the likelihood of best-case and worst-case scenarios.

How do I assess risks I have not thought of yet?

Pre-mortem analysis asks 'assume this decision failed — why?' This reframes risk identification from prediction (hard) to explanation (easier). Combine with HAZOP (Hazard and Operability Study) which systematically applies guide words like 'more,' 'less,' 'reverse' to each parameter to surface non-obvious failure modes.

Our team disagrees on the severity of key risks — how do we resolve this?

Run SolveRight's sensitivity analysis on the disputed risk scores. If the final decision ranking is robust across the full range of disagreement, the debate is academic. If rankings change, focus the discussion on only the risks that actually affect the outcome — this dramatically narrows the scope of disagreement.

Analyze with All Risk Assessment Frameworks

Run your decision through 16 risk assessment frameworks simultaneously. Get scored, ranked results in minutes.

Start Free Analysis

14-day Pro trial, no credit card required

When to Use Risk Assessment Frameworks

  • Decisions with significant downside exposure or irreversible consequences
  • Product launches, system deployments, or process changes with failure potential
  • Investment decisions requiring probabilistic analysis of uncertain outcomes
  • Regulatory compliance decisions with legal or safety implications
  • Project planning where identifying and mitigating risks early saves costs
  • Any decision where 'what could go wrong?' is a critical question

Frequently Asked Questions

What is FMEA and when should I use it?+
FMEA (Failure Modes and Effects Analysis) is a systematic method for identifying all possible failure modes of a product, process, or system, then scoring each by severity, probability of occurrence, and detectability. It is most valuable during design or process planning phases, where identifying failures early is far cheaper than fixing them in production.
How do I choose between qualitative and quantitative risk assessment?+
Use qualitative methods (risk matrices, SWOT-based risk analysis) when you lack statistical data or need a quick initial assessment. Use quantitative methods (Monte Carlo, fault tree analysis) when you have historical data and the stakes justify the additional analytical effort. SolveRight runs both types simultaneously and shows where they agree.
Can risk assessment frameworks predict black swan events?+
No framework reliably predicts true black swan events — by definition, they are outside the realm of regular expectations. However, frameworks like pre-mortem analysis and scenario planning expand the range of considered possibilities. The goal is not prediction but preparedness: building resilience into your decision so it performs reasonably even under unexpected conditions.
What is the difference between risk assessment and risk management?+
Risk assessment identifies and quantifies risks — it answers 'what could go wrong and how bad would it be?' Risk management is the response — avoidance, mitigation, transfer, or acceptance of those risks. SolveRight focuses on assessment, providing scored risk profiles that inform your management strategy.
How many risks should I track for a typical decision?+
Focus on 5-15 material risks rather than cataloging every conceivable concern. FMEA's Risk Priority Number helps you filter — risks below a threshold RPN can be monitored passively while high-RPN risks get active mitigation plans. SolveRight's scoring automatically surfaces the risks with the greatest impact on your decision ranking.

Make Better Decisions with SolveRight

155 frameworks. 10 categories. One scored recommendation.

Try All 155 Frameworks Free

14-day Pro trial, no credit card required