A risk assessment is a quantitative model of a system’s uncertainties and failure modes. Usually the system represents a large investment, and a major or catastrophic failure of the system would have a substantial adverse impact on the party responsible for the system’s functioning (typically its owner or producer). Failures may also result in ethically, legally, and socially unacceptable negative consequences such as loss of human life or substantial environmental damage.
A risk assessment helps the responsible party understand how the system might fail in a way that leads to unacceptable outcomes, suggesting appropriate risk-reduction activities. Frequently the model also identifies unacceptable uncertainties that the responsible party should reduce in the course of evaluating the system’s risks, to make sure the responsible party is adequately informed about the risks. Again, the model may suggest appropriate uncertainty-reduction activities. The modeling process can help raise an organization’s awareness of its risks and uncertainties, leading to increased support for mitigation activities.
Risk modeling is useful for surprisingly diverse systems. Examples include
- schedule and delivery risk for large civil engineering projects
- environmental risk for power plants
- passenger risk for motor vehicles
- employee risk at industrial operations.
Risk analysis involves a combination of qualitative and quantitative activities and methods. Often the system has a somewhat unique structure or design, so that its risks must be determined at least in part by eliciting and quantifying expert opinions, deterministic causal modeling, and stochastics simulation, as well as employing more traditional statistical methods.
As is true for decision analysis, risk analysis frequently identifies unacceptably large uncertainties about important chance events. Value of information (VoI) analysis can help the responsible party decide when to incur a small expense to reduce these uncertainties to acceptable levels, and how to do so.
The results of a risk assessment frequently motivate the responsible party to contemplate several courses of action to reduce unacceptable risks. Security & Technology Alliance Group can help the responsible party make the best possible decisions through formal decision analysis.