Parametrized Risk Analysis 2.0 employs a qualitative model based on reference tables and on-site audits to measure existing gaps in existing protection systems.

This methodology provides some important outputs, among them: the Critical Risk Matrix, the Vulnerability Heat Map, the Effectiveness and Risk Matrix, the Effectiveness Matrix and Probability Estimate, and the Heat Map of Risks and Financial Resilience and the Impact and Financial Resilience Matrices.

The Risk Matrix is the result of measuring the risks graphically, allowing you to see the impact quantification (severity) and the probability (frequency) estimate of each risk.

The Vulnerability Heat Map provides a clear view of gaps in protection systems.

The Effectiveness and Risk Matrix, on the other hand, allows the dissonance between a combined impact index of each risk (Risk Index) and the effectiveness of protection systems (Vulnerability Index) to be seen.

The Heat Map of Risks and Financial Resiliency demonstrates how each risk affects each financial indicator (EBITDA, Dry Liquidity etc) visually with color-coded tables. The Impact and Financial Resilience Matrices play a similar role to these Heat maps, but in a different visual form.

The main concept guiding Parameterized Risk Analysis 2.0 is to balance the level of risk with the level of vulnerability in protection systems, that is, the higher the risk of the operation, the better protection systems (the lower the vulnerability gaps). This means that risk managers can accept certain risks as long as they reduce existing vulnerabilities in their protection systems. That is, if the level of risk increases by accepting a new critical risk, the risk manager should reduce his degree of vulnerability in a similar proportion in order to keep the degree of risk and level of vulnerability balanced. The risk manager, in this case, acts in 5 main vectors: material resources, intellectual capital, standards and procedures, organizational culture and management capacity.


The challenge is to establish reliable criteria for evaluation and decision-making in relation to the optimal level of protection.

The Method of Parametrized Risk Analysis 2.0 inserts some new elements and takes into account the definition of two major components: the probability and impact through Impact Quantification (IQ) and Probability Estimation (PE) more comprehensively and flexibly than the methods existing qualitative measures in general.

The methodology employs a model that aims to reduce the analysis of risks performed subjectively, through the incorporation of objective references to measure the vulnerabilities(gaps)existing in protection systems.

Another important reference is to establish a methodology that contributes to assist risk analysis, and decision to establish the optimal level of balancing between RISKS and VULNERABILITIEs.

Some risks may be assumed, provided that existing protection systems are able to reduce vulnerabilities to an appropriate level of acceptability, i.e. the risk manager should indicate the need for the implementation of the necessary protections in order to balance between the RISK LEVEL and the VULNERABILITY LEVEL of existing protection systems.

The Parameterized Risk Analysis 2.0 can also be applied to the most varied fields of activity, requiring only the realization of a process of “Elicitation of Knowledge” by specialists in the area for the definition of Check lists of Parameterized Risk Analysis that will be used later in field work.