Risk Analysis
Shop for Risk analysis books. Get Risk Analysis essential facts below. View Videos, Research or join the Risk Analysis discussion. Add Risk Analysis to your Like2do.com topic list for future reference or share this resource on social media.
Risk Analysis
NASA's illustration showing high impact risk areas for the International Space Station

Risk analysis can be defined in many different ways, and much of the definition depends on how risk analysis relates to other concepts. Risk analysis can be "broadly defined to include risk assessment, risk characterization, risk communication, risk management, and policy relating to risk, in the context of risks of concern to individuals, to public- and private-sector organizations, and to society at a local, regional, national, or global level."[1] A useful construct is to divide risk analysis into two components: (1) risk assessment (identifying, evaluating, and measuring the probability and severity of risks) and (2) risk management (deciding what to do about risks).[2] Some books[3] take a slightly different approach and define risk management as the overarching concept, where risk analysis is the component that seeks to identify and measure the risks and risk mitigation is determining what to do about the risks.

Risk analysis can be qualitative or quantitative.[4]Qualitative risk analysis uses broad terms (e.g., moderate, severe, catastrophic) to identify and evaluate risks or presents a written description of the risk, while quantitative risk analysis calculates numerical probabilities over the possible consequences.

Quantitative risk analysis

Quantitative risk analysis seeks to numerically assess probabilities for the potential consequences of risk, and is often called probabilistic risk analysis or probabilistic risk assessment (PRA). The analysis often seeks to describe the consequences in numerical units such as dollars, time, or lives lost. PRA often seeks to answer three questions:[5]

1. What can happen? (i.e., what can go wrong?)
2. How likely is it that it will happen?
3. If it does happen, what are the consequences?

Thus, risk R can be described as a set of triplets, R={<si,pi,ci>}, i=1,2,...,N where si is scenario i, pi is the probability of scenario i, ci are the consequences if scenario i occurs, and N is the total number of scenarios. This type of analysis typically results in a probability distribution over the consequences.

Although actuarial science has used probabilities to measure risk for more than a hundred years,[6] PRA as a specific mode of inquiry was initially developed to analyze engineering risks such as nuclear power plants and the space shuttle.[7] More recently, it has also been applied to other areas, such as business, climate change, health risks, food safety and security. Especially with the increasing importance of terrorism, game theory has become a quantitative tool to analyze the risks of intelligent adversaries who seek to do harm against a system or people. These game-theoretic techniques may be probabilistic or deterministic.

Qualitative risk assessment

Qualitative risk assessment, in absence of precise values for likelihood and consequences, assigns relative and broad classifications to the likelihood and consequences for each risk and does not build a precise mathematical model of risk as suggested by PRA. A common qualitative model is the risk matrix, which cross-references classifications of likelihood of occurrence with classifications of severity of consequences of occurrence to determine a broad classification of risk level, under the general principle that greater probability and greater severity each imply greater risk. A risk matrix is sometimes called a pseudo-quantitative method because the classifications may be determined from numbers[8] (for example, the likelihood category Unlikely may correspond to a probability of occurrence between 0.1 and 0.3).

Qualitative, pseudo-quantitative, or scoring methods have been heavily criticized because they do not obey mathematical rules and may not correctly rank risks.[9] They have the appearance of being rigorous but provide a false sense of security to those organizations that rely on them to manage risks.[10] Undertaking a full quantitative approach provides a more rigorous analysis and a better foundation for making good risk management decisions than relying on pseudo-quantitative methods.

References

1. ^
2. ^ Y. Y. Haimes, Risk Modeling, Assessment, and Management (2004).
3. ^ D. W. Hubbard, The Failure of Risk Management: Why It's Broken and How to Fix It (2009).
4. ^ M. Rausand, Risk Assessment: Theory, Methods, and Applications (2011).
5. ^ S. Kaplan and B. J. Garrick, 'On the quantitative definition of risk', Risk Analysis, Vol. 1, No. 1, 1981, doi/10.1111/j.1539-6924.1981.tb01350.x
6. ^ P. L. Against the Gods: The Remarkable Story of Risk (1998)
7. ^ T. Bedford and R. Cooke, Probabilistic Risk Analysis: Foundations and Methods (2001)
8. ^ 'System and method for risk assessment and management,' U.S. Patents.
9. ^ Cox, L.A. Jr., 'What's Wrong with Risk Matrices?,' Risk Analysis, Vol. 28, No. 2, 2008, doi:10.1111/j.1539-6924.2008.01030.x
10. ^ D. W. Hubbard, The Failure of Risk Management: Why It's Broken and How to Fix It (2009).