In some ways, risk analysis is more art than science, since it often involves so much subjectivity and estimation. Yet complexity still seems to build in our estimations anyway. A post at Project Management Crumbs aims to streamline the qualitative analysis process with practical advice.
Simplification in All Things
Use basic values like numbers or letters to represent the severity posed by a threat, as opposed to long, wordy explanations. This both saves space and creates a common language of risk for the team to follow. You further want to use as few attributes as possible in assessing the risk, with the author suggesting two is best. This is because it is very easy to graph two pieces of data, whereas graphing four pieces of data is possible but highly difficult to digest. Standardizing the values used so that they can be applied across the organization is another way to build a common language.
Speaking even more practically, the author recommends using even integers whenever possible, because using odd integers can result in confusing decimals. Such decimals can lead to an unconscious bias into how you judge numbers. The goal of analysis should be to demystify the unknown, not to make the known unintelligible.
You can read the full blog post here: http://pmcrumbs.blogspot.com/2012/11/risk-qualitative-analysis-how-much.html