Framework for risk assessment
Most risk assessment frameworks contain the following steps: danger identification, hazard assessment, consequence assessment (or vulnerability assessment and elements at risk identification), risk quantification/estimation, risk evaluation, and risk management. Risk management is an integrated process containing scientific and political decisions with several levels, countless back-steps, and iterative loops. The final goal is to reduce societal risk by reducing the probability of failure or the consequences.
Quantitative vs. qualitative risk
Schematic illustration of risk management
There are two types of approaches to risk assessment, a qualitative and a quantitative approach. In qualitative risk assessment, the components of risk, which are a hazard, elements at risk, and vulnerability, are expressed verbally. The final result is ranked or verbal risk levels (IUGS, 1997).
The qualitative risk could also be presented as a risk matrix with qualitative hazard in the first dimension and qualitative consequence in the second dimension. Qualitative risk assessment is subjective. What is low risk?
Richard Feynman gave an example of biased risk perception after the Space Shuttle Challenger disaster: The estimates of the probability of a failure with loss of vehicle and human life range from roughly 1 in 100 to 1 in 100,000. The higher figures come from the working engineers, and the very low figures from management.
Quantitative risk assessment involves quantifying risk components and computing risk from these components. Quantitative risk assessment (QRA) calculates a mathematical value for the risk, enabling improved risk communication and systematic decision-making (Lee & Jones, 2004).
The QRA frameworks proposed in the literature have the common objective of answering the following questions (Ho et al., 2000; Lee & Jones, 2004):
- What are the probable dangers/problems? [Danger Identification]
- What would be the magnitude of dangers/challenges? [Hazard Assessment]
- What are the consequences and/or elements at risk? [Consequence/Elements at Risk Identification]
- What might be the degree of damage in elements at risk? [Vulnerability Assessment]
- What is the probability of damage? [Risk Quantification/Estimation]
- What is the significance of estimated risk? [Risk Evaluation]
- What should be done? [Risk Management]