When valuing the consequence, use the maximum probable loss. The risk exposure will be adjusted by the probability of the loss.
Exposure to risk ($) = Probability (or Likelihood) X Consequence ($)
Select the appropriate consequence from the list. The interpretation of the consequence level is specific to an organisation, some suggestions are as follow:
| Consequence | Level | Description |
| Insignificant | 1 | Low financial loss < 2% of net profit and no injury to property or people. No regulatory breach. |
| Minor | 2 | Medium financial loss 2-5% pf net profit. Minor regulatory breach. Minor degradation of operations & service levels. impact is limited to a single area of business. Local intervention with local resources. First aid treatment, on-site damage immediately contained. |
| Moderate | 3 | High financial loss 5-7.5% of net profit. Substantial regulatory breach. Substantial degradation of operations & service levels. Impacts multiple areas of business. Substantial management intervention with some external assistance. Medical treatment required, on-site damage contained with outside assistance. |
| Major | 4 | Major financial loss 7.5-10% of net profit. Significant regulatory breach. Significant degradation of operations & service levels. Impacts multiple and diverse areas of business. Threatens business viability. Significant senior management intervention with external resources. Extensive injuries, loss of production capability, offsite damage of a minor nature, |
| Catastrophic | 5 | Significant/Material financial loss > 10% of net profit. Extensive regulatory breaches. Widespread and total degradation of operations & service levels. Impact across critical functions. Threat to immediate viability of business. Senior management and board intervention using external resources. Deaths, offsite damage of a serious nature. |
See also: