Risk Assessment Basics

What is Risk?
What is Risk Assessment?
What are the Goals of Risk Assessment?
What is the Procedure for Performing a Risk Assessment?
How Do I Estimate Risk?
What is the Point of Doing a Risk Assessment?
What is Risk Management?
How Do You Combine Risk Assessment with Risk Management?

What is Risk?
A common definition of risk is that it is the combination of a specific hazard and the likelihood that the hazard occurs (probability)x(hazard) = risk. That likelihood may be expressed as a rate or a probability. For example the risk of an aircraft accident (hazard) can be expressed as one accident per million flights (likelihood).

Risk can be objectively defined so that two people can take the same data and come up with a similar result. Risk can be expressed in many ways, so long as it combines a hazard with a likelihood. The concept of risk exists in aviation, finance, human health, and many other areas. One can use the methods of science, engineering, and math in order to define risks.

What is Risk Assessment?
Risk assessment is the process of analyzing a potential losses from a given hazard using a combination of known information about the situation, knowledge about the underlying process, and judgment about the information that is not known or well understood.

Risk is defined as the product of a hazard (such as damage costs) and the probability that this hazard occurs. In other words, (probability)x(hazard) = risk. The first two values must be known or at least estimated in order to define risk.

What are the Goals of Risk Assessment?
The basic goals of risk assessment include the following:

  • Identify potentially hazardous situations,
  • Apply appropriate methods to estimate the likelihood that a hazard occurs, and the uncertainty in that estimate,
  • Provide alternative solutions to reduce the risk doing one or more of the following:
    - Eliminating any possibility of the hazard occurring,
    - Reducing the likelihood that the hazard occurs,
    - Limiting any negative consequences of the hazard,
  • Estimate the effectiveness of those solutions,
  • Provide information to base a risk management decision, and
  • Estimate the uncertainty associated with the analysis.

What is the Procedure for Performing a Risk Assessment?
Risk assessment consists of four general steps:

  1. Hazard Identification,
  2. Evaluating relationship between exposure to a risk and adverse effects,
  3. Exposure assessment - evaluating the conditions that lead to exposure to a risk,
  4. Risk characterization - describe nature of adverse effects, their likelihood, and the strength of the evidence behind these characterizations (often done by using probability and statistics).

How Do I Estimate Risk?
Estimating risk can be done in several ways:

  • With historical data,
  • By modeling,
  • By breaking down the system into known subsystems using techniques such as event trees or fault trees,
  • By analogy with similar situations,
  • By comparison with similar activities, or
  • By by using a combination of methods.

What is the Point of Doing a Risk Assessment?
The risk assessment for a particular issue forms the foundation for making a decision about future actions. That decision may be to perform additional analyses, to perform activities that reduce the risk, or to do nothing at all.

What is Risk Management?
Risk management is the process of combining a risk assessment with decisions on how to address that risk, and doing so in ways that consider the technical and social aspects of the risk assessment. Risk management is part of a larger decision process that considers the technical and social aspects of the risk situation. Risk assessments are performed primarily for the purpose of providing information and insight to those who make decisions about how that risk should be managed. Judgment and values enter into risk assessment in the context of what techniques one should use to objectively describe and evaluate risk. Judgment and values enter into risk management in the context of what is the most effective and socially acceptable solution

How Do You Combine Risk Assessment with Risk Management?
The combined risk assessment and risk management process can be described as a six step process. The first three steps are associated with risk assessment and the last three with risk management.

  1. Formulate problem in a broad context - Do this by answering questions like: what is the problem?, who must manage the problem?, and who are the stakeholders? Also, establish relationships among the problems and rely on stakeholders for problem identification and characterization.
  2. Perform the risk analysis - Evaluate the risk in order to determine the hazard, the likelihood of the hazard occurring, and any uncertainties in the estimate
  3. Define the options - Determine what can be done about the risk issue and the ways that it could be done. Determine potential consequences, costs, and benefits.
  4. Make sound decisions - Determine the best solutions and how they could be implemented in ways that are feasible, cost effective, and socially acceptable.
  5. Implement decisions - Find out what actions are needed to implement and deal with any objections or reassessments.
  6. Evaluate actions taken - Determine what is an acceptable and effective means of evaluating the effectiveness or appropriateness of the risk management actions.
Risk Assessment Basics
http://www.airsafe.com/risk/basics.htm -- Revised: 19 January 2014