Glossary

Likelihood and Impact

A common two-dimensional way to characterize risk by combining how probable an event is (likelihood) with how severe its consequences are (impact).

Quality, Compliance and Traceability Audit and Compliance Readiness (AS9100, LPAs and Process Audits)Quality, NCR, and Continuous Improvement

Likelihood and impact is a two-dimensional way to describe and compare risks by combining how probable an event is with how severe its consequences would be if it occurred.

Core meaning

In industrial and manufacturing environments, likelihood and impact are used together to assess risk for safety, quality, cybersecurity, supply chain, and operational issues.

Likelihood commonly refers to the estimated probability or frequency that an unwanted event (such as a machine failure, data breach, or nonconformance) will occur within a defined period or context.
Impact commonly refers to the severity or magnitude of the consequences if that event occurs. Impact may be considered across multiple dimensions such as safety, product quality, regulatory compliance, production continuity, financial cost, and reputation.

Risk evaluation practices often combine likelihood and impact into a single risk rating or score so different risks can be prioritized, tracked, and reviewed in a consistent way.

Operational use in manufacturing and regulated environments

Likelihood and impact are typically applied through structured assessments, sometimes aligned with standards such as ISO-style risk management or ISA/IEC frameworks, without relying on any particular standard.

Risk registers and matrices: Many organizations use a likelihood vs. impact matrix (for example, 3×3 or 5×5) to categorize risks as low, medium, or high. Each axis has defined levels (such as rare to frequent, minor to catastrophic).
Quality and CAPA: In quality systems and CAPA processes, nonconformances and failures are evaluated on likelihood (how often this could recur) and impact (effect on patient or end-user safety, product quality, or compliance).
OT/IT and cybersecurity: For control systems, MES, and connected equipment, likelihood may consider threats, vulnerabilities, and exposure, while impact examines consequences such as production downtime, loss of data integrity, or safety risks.
Safety and process hazards: In process hazard analysis or machine safety reviews, analysts estimate how likely a hazardous event is and how severe the outcome might be to determine needed safeguards.
Supply chain and operations: For suppliers, logistics, and capacity planning, likelihood might reflect the chance of delay or shortage, and impact reflects the effect on production schedules, order fulfillment, and customer commitments.

How likelihood and impact are typically defined

Organizations usually define qualitative or semi-quantitative scales so different teams interpret likelihood and impact consistently.

Likelihood scales may be described as qualitative bands (for example, rare, unlikely, possible, likely, almost certain) or mapped to approximate frequencies (for example, once per 10 years, once per year, monthly, weekly).
Impact scales may be defined against multiple criteria, such as:

Safety or environmental harm
Product quality and potential field issues
Regulatory or audit consequences
Production downtime or throughput loss
Direct and indirect cost

These definitions are documented in risk procedures, quality manuals, or OT/IT security policies so that risk owners and reviewers apply them consistently.

Using likelihood and impact together

When likelihood and impact are evaluated, they are commonly combined into an overall risk rating. Common patterns include:

Risk matrix placement: Plotting each risk on a grid to classify it as low, medium, or high based on its position.
Numeric scoring: Assigning numerical values to likelihood and impact levels and calculating a risk priority number or similar score.
Prioritization and review: Higher combined ratings usually trigger more detailed analysis, mitigation actions, or more frequent review in management meetings.

In regulated environments, the documentation of the chosen scales, the assigned likelihood and impact ratings, and any resulting actions is often part of routine audit evidence.

Common confusion

Risk vs. likelihood and impact: Risk is generally understood as a function of both likelihood and impact, not just one or the other. Saying a risk has “high likelihood” or “high impact” is not the same as fully characterizing the risk.
Severity vs. impact: Some disciplines use the term severity instead of impact. In most manufacturing and quality contexts, severity is a component or synonym of impact but impact may consider multiple types of consequences, not only safety.
Uncertainty vs. likelihood: Uncertainty describes how confident we are about the estimates. Likelihood describes how probable the event is assumed to be despite that uncertainty.

Relation to broader risk management

Likelihood and impact are part of a broader risk management cycle that often includes identifying hazards or failure modes, assessing and documenting likelihood and impact, deciding on controls or mitigations, implementing changes in processes or systems, and periodically reviewing whether likelihood and impact have changed over time.

AS9100 Rev D auditors focus on objective evidence that your quality management system is defined, implemented, controlled, and effective in practice. They look for controlled documents, current records, traceability, risk-based thinking, and evidence that data is used to manage nonconformities, corrective actions, and continual improvement. Exact evidence depends on your processes, tools, and integration maturity.

How does Connect 981 help during customer and regulatory audits?

Connect 981 can make audits easier by improving evidence retrieval, revision control, traceability, and record consistency across execution workflows. It does not guarantee audit success or replace a QMS, site procedures, validation, or disciplined data governance. Results depend on configuration, integration quality, user adoption, and how completely records are captured.

What types of evidence do AS9100 auditors typically request?

AS9100 auditors usually ask for objective evidence that your processes are defined, followed, recorded, and controlled. That often includes procedures, revision history, training records, risk and quality records, traceability data, internal audits, corrective actions, calibration, supplier controls, and sampled job or product records. Exact requests vary by scope, site maturity, and how well systems are integrated.

What are the most useful compliance KPIs for aerospace manufacturers?

The most useful compliance KPIs in aerospace are the ones that show whether required controls actually work in production, quality, and supplier flows. Focus on traceability completeness, nonconformance closure discipline, training currency, document/version adherence, FAI execution, and audit evidence readiness. KPI value depends heavily on data quality, system integration, and disciplined change control.

Related Glossary

Change Impact Assessment

A structured evaluation of how a proposed change could affect processes, systems, product quality, compliance, and operations.

Layered Process Audits (LPA)

Layered Process Audits (LPA) are repeated, multi-level checks that verify key process steps are followed and controlled in daily operations.