Qualitative risk assessment uses which of the following terms for evaluating risk level?
Each correct answer represents a part of the solution. Choose two.

A.
Impact

B.
Annual rate of occurrence

C.
Probability

D.
Single loss expectancy

Explanation:

Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values.

Rather, it determines risk’s level based on the probability and impact of a risk. These values are
determined by gathering the opinions of experts.
Probability- establishing the likelihood of occurrence and reoccurrence of specific risks,
independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done
to define the probability that a risk will occur. The scale can be based on word values such as
Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90%
to high.
Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of
loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use
words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low
could be 10, medium could be 50, and high could be 100.
Risk level= Probability*Impact
quantitative risk assessment. Formula is given as follows:
ALE= SLE*ARO