World Library  
Flag as Inappropriate
Email this Article

Risk assessment

Risk assessment is the determination of quantitative or qualitative estimate of risk related to a concrete situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk (R):, the magnitude of the potential loss (L), and the probability (p) that the loss will occur. Acceptable risk is a risk that is understood and tolerated usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.[1]"Health risk assessment" includes variations, such as risk as the type and severity of response, with or without a probabilistic context.

In all types of engineering of complex systems sophisticated risk assessments are often made within Safety engineering and Reliability engineering when it concerns threats to life, environment or machine functioning. The nuclear, aerospace, oil, rail and military industries have a long history of dealing with risk assessment. Also, medical, hospital, social service[2] and food industries control risks and perform risk assessments on a continual basis. Methods for assessment of risk may differ between industries and whether it pertains to general financial decisions or environmental, ecological, or public health risk assessment.


  • Explanation 1
    • Five-step process in risk assessment and management 1.1
  • In General Health 2
    • How risk is appraised 2.1
    • Small subpopulations 2.2
    • Acceptable risk criteria 2.3
  • In auditing 3
  • In Public health 4
  • In Project management 5
  • In information security 6
  • For megaprojects 7
  • Quantitative risk assessment 8
  • In software evolution 9
  • Criticisms of quantitative risk assessment 10
  • In shipping industry 11
  • See also 12
  • References 13
    • Footnotes 13.1
    • General references 13.2
  • External links 14


Risk assessment from a financial point of view.

Risk assessment consists of an objective evaluation of risk in which assumptions and uncertainties are clearly considered and presented. Part of the difficulty in risk management is that measurement of both of the quantities in which risk assessment is concerned – potential loss and probability of occurrence – can be very difficult to measure. The chance of error in measuring these two concepts is high. Risk with a large potential loss and a low probability of occurrence, is often treated differently from one with a low potential loss and a high likelihood of occurrence. In theory, both are of near equal priority, but in practice it can be very difficult to manage when faced with the scarcity of resources, especially time, in which to conduct the risk management process. Expressed mathematically,

R_i=L_i p(L_i)\,\!
R_{total}=\sum_i L_i p(L_i)\,\!

Financial decisions, such as insurance, express loss in terms of dollar amounts. When risk assessment is used for public health or environmental decisions, loss can be quantified in a common metric such as a country's currency or some numerical measure of a location's quality of life. For public health and environmental decisions, loss is simply a verbal description of the outcome, such as increased cancer incidence or incidence of birth defects. In that case, the "risk" is expressed as

R_i= p(L_i)\,\!

If the risk estimate takes into account information on the number of individuals exposed, it is termed a "population risk" and is in units of expected increased cases per a time period. If the risk estimate does not take into account the number of individuals exposed, it is termed an "individual risk" and is in units of incidence rate per a time period. Population risks are of more use for cost/benefit analysis; individual risks are of more use for evaluating whether risks to individuals are "acceptable".

Five-step process in risk assessment and management

Risk assessment and management process
Establish the context understand the operating context and environment
Identify the risks identify the internal and external risks that poses threat
Analyze the risks systemic analysis of various contributing and leading factors (e.g. extend of the exposure, multiple exposures)
Evaluate and prioritize the risks characterize and prioritize the list of risks for further action
Tackle the risks Identify the range of options to tackle the risk & implement the best choice using available resources

In General Health

There are many resources that provide health risk information.

The National Library of Medicine provides risk assessment and regulation information tools for a varied audience.[3] These include:

The United States Environmental Protection Agency provides basic information about environmental risk assessments for the public for a wide variety of possible environmental exposures.[6]

Considering the increase in junk food and toxicity FDA required in 1973 that cancer-causing compounds must not be present in meat at concentrations that would cause a cancer risk greater than 1 in a million over a lifetime. The US Environmental Protection Agency provides extensive information about ecological and environmental risk assessments for the public via its risk assessment portal.[7] The

  • Risk Assessment Worksheet and Management Plan A comprehensive guide to risk assessment in project management, includes template - By John Filicetti
  • [2] Codes of Practice, Safe Work Australia.

External links

  • Jean-Lou, C. M.; Dorne, George E. N. Kass, Luisa R. Bordajandi, Billy Amzal, Ulla Bertelsen, Anna F. Castoldi, Claudia Heppner, Mari Eskola, Stefan Fabiansson, Pietro Ferrari, Elena Scaravelli, Eugenia Dogliotti, Peter Fuerst, Alan R. Boobis and Philippe Verger (2011). "Chapter 2. Human Risk Assessment of Heavy Metals: Principles and Applications". In Astrid Sigel, Helmut Sigel, Roland K O Sigel. Metal Ions in Toxicology. RSC Publishing. pp. 27–60.  
  • Mumtaz, Moiz M.; Hansen, Hugh; Pohl, Hana R. (2011). "Chapter 3. Mixtures and Their Risk Assessment in Toxicology". In Astrid Sigel, Helmut Sigel, Roland K O Sigel. Metal Ions in Toxicology. RSC Publishing. pp. 61–80.  
  • Committee on Risk Assessment of Hazardous Air Pollutants, Board on Environmental Studies and Toxicology, Commission on Life Sciences,  
  • Barry Commoner. “Comparing apples to oranges: Risk of cost/benefit analysis” from Contemporary moral controversies in technology, A. P. Iannone, ed., pp. 64–65.
  • Hallenbeck, William H. Quantitative risk assessment for environmental and occupational health. Chelsea, Mich.: Lewis Publishers, 1986
  • Harremoës, Poul, ed. Late lessons from early warnings: the precautionary principle 1896–2000.
  • John M. Lachin. Biostatistical methods: the assessment of relative risks.
  • Lerche, Ian; Glaesser, Walter (2006), Environmental risk assessment : quantitative measures, anthropogenic influences, human impact., Berlin: Springer,  
  • Library of Congress. Congressional Research Service. & United States. Congress. House. Committee on Science and Technology. Subcommittee on Science, Research, and Technology (1983), A Review of risk assessment methodologies, Washington: U.S: report / prepared by the  
  • Deborah G. Mayo. “Sociological versus metascientific views of technological risk assessment” in Shrader-Frechette and Westra.
  • Nyholm, J, 2009 "Persistency, bioaccumulation and toxicity assessment of selected brominated flame retardants"
  • O’Brien, Mary (2002), Making better environmental decisions: an alternative to risk assessment, Cambridge, Massachusetts:  
  • Shrader-Frechette, Kristin; Westra, Laura, eds. (1997), Technology and values, Lanham, Maryland: Rowman & Littlefield,  

General references

  1. ^ RFC 4949
  2. ^ Lacey, Peter (2011). "An Application of Fault Tree Analysis to the Identification and Management of Risks in Government Funded Human Service Delivery" (pdf). Proceedings of the 2nd International Conference on Public Policy and Social Sciences. Retrieved 2013-07-09. 
  3. ^ "Risk Assessment and Regulation Information from the NLM".  
  4. ^ "Databases on toxicology, hazardous chemicals, environmental health, and toxic releases". TOXNET.  
  5. ^ "Household Products Database". U.S. Dept. of Health & Human Services. January 2013. Retrieved 9 June 2013. 
  6. ^ "Risk Assessment Portal".  
  7. ^
  8. ^ Szabo DT, Loccisano AE, (March 30, 2012). "POPs and Human Health Risk Assessment". Dioxins and Persistent Organic Pollutants 3rd (Edition): John Wiley & Sons.  
  9. ^ Merrill, Richard A. "Food Safety Regulation: Reforming the Delaney Clause" in Annual Review of Public Health, 1997, 18:313-40. This source includes a useful historical survey of prior food safety regulation.
  10. ^ Managing Project Risks - Retrieved May 20th, 2010
  11. ^
  12. ^ Commoner, Barry. O'Brien, Mary. Shrader-Frechette and Westra 1997.
  13. ^ The fourth quadrant: a map of the limits of statistics [9.15.08] Nassim Nicholas Taleb An Edge Original Essay
  14. ^ "ISM CODE – Amendments from 1st July 2010 Risk Assessment". 



See also

In July 2010, shipping companies agreed to use standardized procedures in order to assess risk in key shipboard operations. These procedures were implemented as part of the amended ISM code.[14]

In shipping industry

Barry Commoner, Brian Wynne and other critics have expressed concerns that risk assessment tends to be overly quantitative and reductive. For example, they argue that risk assessments ignore qualitative differences among risks. Some charge that assessments may drop out important non-quantifiable or inaccessible information, such as variations among the classes of people exposed to hazards. Furthermore, Commoner and O'Brien claim that quantitative approaches divert attention from precautionary or preventative measures.[12] Others, like Nassim Nicholas Taleb consider risk managers little more than "blind users" of statistical tools and methods.[13]

Criticisms of quantitative risk assessment

Studies have shown that early parts of the system development cycle such as requirements and design specifications are especially prone to error. This effect is particularly notorious in projects involving multiple stakeholders with different points of view. Evolutionary software processes offer an iterative approach to requirement engineering to alleviate the problems of uncertainty, ambiguity and inconsistency inherent in software developments.

In software evolution

Quantitative risk assessments include a calculation of the single loss expectancy (SLE) of an asset. The single loss expectancy can be defined as the loss of value to asset based on a single security incident. The team then calculates the Annualized Rate of Occurrence (ARO) of the threat to the asset. The ARO is an estimate based on the data of how often a threat would be successful in exploiting a vulnerability. From this information, the Annualized Loss Expectancy (ALE) can be calculated. The annualized loss expectancy is a calculation of the single loss expectancy multiplied by the annual rate of occurrence, or how much an organization could estimate to lose from an asset based on the risks, threats, and vulnerabilities. It then becomes possible from a financial perspective to justify expenditures to implement countermeasures to protect the asset.

Quantitative risk assessment

Megaprojects (sometimes also called "major programs") are extremely large-scale investment projects, typically costing more than US$1 billion per project. Megaprojects include bridges, tunnels, highways, railways, airports, seaports, power plants, dams, wastewater projects, coastal flood protection, oil and natural gas extraction projects, public buildings, information technology systems, aerospace projects, and defence systems. Megaprojects have been shown to be particularly risky in terms of finance, safety, and social and environmental impacts.

For megaprojects

IT risk assessment can be performed by a qualitative or quantitative approach, following different methodologies.

In information security

In project management, risk assessment is an integral part of the risk management plan, studying the probability, the impact, and the effect of every known risk on the project, as well as the corrective action to take should that risk occur.[10] Of special consideration in this area is the relevant codes of practice that are enforce in the specific jurisdiction. Understanding the regime of regulations that risk management must abide by is integral to formulating safe and compliant risk assessment practices.[11]

In Project management

In the context of public health, risk assessment is the process of characterizing the nature and likelihood of a harmful effect to individuals or populations from certain human activities. Health risk assessment can be mostly qualitative or can include statistical estimates of probabilities for specific populations. In most countries the use of specific chemicals or the operations of specific facilities (e.g. power plants, manufacturing plants) is not allowed unless it can be shown that they do not increase the risk of death or illness above a specific threshold. For example, the American Food and Drug Administration (FDA) regulates food safety through risk assessment.[9]

In Public health

For audits performed by an outside audit firm, risk assessment is a crucial stage before accepting an audit engagement. According to ISA315 Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, "the auditor should perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control."inherent risk X control risk X detection risk.

In auditing

Intelligent thought about a reasonably full set of options is essential. Thus, it is not unusual for there to be an iterative process between analysis, consideration of options, and follow up analysis.

Stringent requirements of 1 in a million may not be technologically feasible or may be so prohibitively expensive as to render the risk-causing activity unsustainable, resulting in the optimal degree of intervention being a balance between risks vs. benefit. For example, emissions from hospital incinerators result in a certain number of deaths per year. However, this risk must be balanced against the alternatives. There are public health risks, as well as economic costs, associated with all options. The risk associated with no incineration is potential spread of infectious diseases, or even no hospitals. Further investigation identifies options such as separating noninfectious from infectious wastes, or air pollution controls on a medical incinerator.

In practice, a true zero-risk is possible only with the suppression of the risk-causing activity.

Environmental decision making allows some discretion for deeming individual risks potentially "acceptable" if less than one in ten thousand chance of increased lifetime risk. Low risk criteria such as these provide some protection for a case where individuals may be exposed to multiple chemicals e.g. pollutants, food additives or other chemicals.

The idea of not increasing lifetime risk by more than one in a million has become commonplace in public health discourse and policy. It is a heuristic measure. It provides a numerical basis for establishing a negligible increase in risk.

Acceptable risk criteria

  • to set policies for protecting the general population that are protective of such groups, e.g. for children when data exists, the Clean Air Act for populations such as asthmatics or
  • not to set policies, because the group is too small, or the costs too high.

If the risk is higher for a particular sub-population because of abnormal exposure rather than susceptibility, strategies to further reduce the exposure of that subgroup are considered. If an identifiable sub-population is more susceptible due to inherent genetic or other factors, public policy choices must be made. The choices are:

  • all infants younger than X days or
  • recreational users of a particular product.

When risks apply mainly to small sub-populations, there is uncertainty at which point intervention is necessary. For example, there may be a risk that is very low for everyone, other than 0.1% of the population. It is necessary to determine whether this 0.1% is represented by:

Small subpopulations

Finally, the results of the three steps above are then combined to produce an estimate of risk. Because of the different susceptibilities and exposures, this risk will vary within a population. An uncertainty analysis is nearly always included in a health risk assessment.

  1. Hazard Identification, aims to determine the qualitative nature of the potential adverse consequences of the contaminant (chemical, radiation, noise, etc.) and the strength of the evidence it can have that effect. This is done, for chemical hazards, by drawing from the results of the sciences of toxicology and epidemiology. For other kinds of hazard, engineering or other disciplines are involved.
  2. Dose-Response Analysis, is determining the relationship between dose and the type of adverse response and/or probability or the incidence of effect (dose-response assessment). The complexity of this step in many contexts derives mainly from the need to extrapolate results from experimental animals (e.g. mouse, rat) to humans, and/or from high to lower doses, including from high acute occupational levels to low chronic environmental levels. In addition, the differences between individuals due to genetics or other factors mean that the hazard may be higher for particular groups, called susceptible populations. An alternative to dose-response estimation is to determine a concentration unlikely to yield observable effects, that is, a no effect concentration. In developing such a dose, to account for the largely unknown effects of animal to human extrapolations, increased variability in humans, or missing data, a prudent approach is often adopted by including safety or uncertainty factors in the estimate of the "safe" dose, typically a factor of 10 for each unknown step.
  3. Exposure Quantification, aims to determine the amount of a contaminant (dose) that individuals and populations will receive, either as a contact level (e.g., concentration in ambient air) or as intake (e.g., daily dose ingested from drinking water). This is done by examining the results of the discipline of exposure assessment. As different location, lifestyles and other factors likely influence the amount of contaminant that is received, a range or distribution of possible values is generated in this step. Particular care is taken to determine the exposure of the susceptible population(s).

In the estimation of risks, three or more steps are involved that require the inputs of different disciplines:

Food risk assessment nomogram

How risk is appraised


This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from World eBook Library are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.