Updated proportionality.qmd to include a clearer alt-text description…

… for Figure 3-1. Changed the figure so the colour scheme is simpler and different to the scheme used in the risk table

proportionality.qmd

@@ -42,7 +42,7 @@ Further detail and considerations may be found on the Analysis Function's [Quali
 
 Figure 3-1 shows some assurance techniques that might be considered for different levels of analysis complexity and business risk. The key message is the need for more assurance interventions increases with the complexity of, and the business risk associated with analysis.
 
-![Figure 3-1 - Types of quality assurance](types_of_quality_assurance_accessible.jpg){fig-alt="Figure 1 is diagram showing the relationship between risk, complexity and the requirement for assurance activity. There are two axes on the diagram. One of them goes from simple to highly complex analysis and the other goes from low to high business risk. As risk and complexity increase there is a need for extra assurance activities as well as a higher degree of separation between the analyst and the assurer. For complex, high risk analysis this might include external peer review or audit."}
+![Figure 3-1 - Types of quality assurance](types_of_quality_assurance_redorange.jpg){fig-alt="Figure 1 is diagram showing the relationship between risk, complexity and the requirement for assurance activity. There are two axes on the diagram. The X axis goes from simple analysis on the left to highly complex analysis on the right. The y axis goes from low business risk at the bottom to high business risk at the top. As risk and complexity increase there is a need for extra assurance activities as well as a higher degree of separation between the analyst and the assurer. For complex, high risk analysis this might include external peer review or audit. On the diagram, the increasing level of risk as we move from bottom left to top right is represented by darker shades."}
 
 The interventions in Figure 3-1 must not be viewed in isolation. Some complex and risky analysis that would benefit from an external review will still require the interventions closer to the axes, for example version control and analyst led testing. 
 
@@ -124,7 +124,11 @@ Table 3-2 - Example of a risk matrix
 </tr>
 </table>
 
-Table 3-2 shows appropriate responses to a risk assessment. Where business risk is high, appropriate treatment(s) must be considered to reduce the probability of errors occurring. The choice of treatment will depend on the mitigations already in place and on the complexity of the analysis (see Figure 3-1). For a situation where simple analysis is being employed, a review by an appropriate expert may be sufficient as the additional mitigation. However, for complex analysis that is already employing a wide range internal assurance measures, options like external peer review may be necessary. For situations where the business risk is ‘very low’, there would be very little benefit in applying further assurance mitigations, . Aalthough to avoid the risk growing it remains important to ensure existing or planned mitigations aren’t lost. 
+Table 3-2 shows appropriate responses to a risk assessment. Where business risk is high, appropriate treatment(s) must be considered to reduce the probability of errors occurring. The choice of treatment will depend on the mitigations already in place and on the complexity of the analysis (see Figure 3-1). 
+
+For a situation where simple analysis is being employed, a review by an appropriate expert may be sufficient as the additional mitigation. However, for complex analysis that is already employing a wide range internal assurance measures, options like external peer review may be necessary. 
+
+For situations where the business risk is ‘very low’, there would be very little benefit in applying further assurance mitigations, although to avoid the risk growing it remains important to ensure existing or planned mitigations aren’t lost. 
 
 In cases where there is a need for analysis, but there are also significant time and/or resource constraints, it may not be possible to do as much assurance as usual. In these situations, the focus should be on areas of greatest risk. These risks and limitations must also be communicated, along with appropriate caveats.