Risk Assessment Methods

Praxiom Research Group Limited

     
 

OVERVIEW OF RISK ASSESSMENT METHODS

 
     
  The following methods can be used to do a risk assessment:
  • Use a what-if analysis to identify threats and hazards.
    What-if questions are asked about what could go wrong
    and about what would happen if things do go wrong. This
    type of analysis is a brainstorming activity and is carried
    out by people who have knowledge about the areas,
    operations, and processes that may be exposed to
    hazardous events and conditions.
  • Use a checklist of known threats and hazards to identify
    your threats and hazards. The value of this type of analysis
    depends upon the quality of the checklist and the
    experience of the user.

  • Use a combination of checklists and what-if analysis to
    identify your threats and hazards. Checklists are used to
    ensure that all relevant what-if questions are asked and
    discussed, and to encourage a creative approach to 
    risk assessment.

  • Use a hazard and operability study (HAZOP) to identify your
    threats and hazards. If you need to do a thorough analysis,
    this method is for you. However, it requires strong leadership
    and is costly and time consuming. It also assumes that you
    have a very knowledgeable interdisciplinary team available to
    you, one with detailed knowledge about the areas, operations,
    and processes that may be exposed to hazardous events and
    conditions.

  • Use a failure mode and effect analysis (FMEA) to identify
    potential failures and to figure out what effect failures would
    have. This method begins by selecting a system for analysis
    and then looks at each element within the system. It then tries
    to predict what would happen to the system as a whole when
    each element fails. This method is often used to predict
    hardware failures and is best suited for this purpose.

  • Use a fault tree analysis (FTA) to identify all the things that
    could potentially cause a hazardous event. It starts with a
    particular type of hazardous event and then tries to identify
    every possible cause.

 
 

The above is based on NFPA 1600 2007 Annex A.5.3.1.

 
     
 

OVERVIEW OF RISK ASSESSMENT STEPS

 
     
 

Comprehensive risk assessments:

  • Identify the range of hazards, threats, or perils:

    • Identify the hazards, threats, or perils that
      impact or might impact your organization.

    • Identify the hazards, threats, or perils that
      impact or might impact your infrastructure.

    • Identify the hazards, threats, or perils that
      impact or might impact the surrounding area.

  • Determine the potential impact of
    each hazard, threat, or peril by:

    • Estimating the relative severity
      of each hazard, threat, or peril.

    • Estimating the relative frequency
      of each hazard, threat, or peril.

    • Estimating the vulnerability to
      each hazard, threat, or peril.

      • Estimate how vulnerable your people
        are to each hazard, threat, or peril.

      • Estimate how vulnerable your operations
        are to each hazard, threat, or peril.

      • Estimate how vulnerable your property
        is to each hazard, threat, or peril.

      • Estimate how vulnerable your environment
        is to each hazard, threat, or peril.

  • Categorize each hazard, threat, or peril according
    to how severe it is, how frequently it occurs, and
    how vulnerable you are.

  • Develop strategies to deal with the most
    significant hazards, threats, or perils.

    • Develop strategies to prevent hazards, threats, or
      perils that impact or might impact your organization
      and its people, operations, property, and environment.

    • Develop strategies to mitigate hazards, threats, or
      perils that impact or might impact your organization
      and its people, operations, property, and environment.

    • Develop strategies to prepare for hazards, threats, or
      perils that impact or might impact your organization
      and its people, operations, property, and environment.

    • Develop strategies to respond to hazards, threats, or
      perils that impact or might impact your organization
      and its people, operations, property, and environment.

    • Develop strategies to recover from hazards, threats, or
      perils that impact or might impact your organization
      and its people, operations, property, and environment.

 
 

The above is based on NFPA 1600 2007 Annex A.5.3.1.

 
 

RELATED RESOURCES

How to Perform an Impact Analysis

How to Develop a Mitigation Strategy

How to Develop a Prevention Strategy

Business Continuity Planning Topics

ISO 31000 2009 Risk Management Library

ISO 22301 2012 Business Continuity Library 

ISO 28000 2007 Supply Chain Security Library

ISO 20000 2011 IT Service Management Library

ISO 27001 and 27002 Information Security Library

ISO 14971 Medical Device Risk Management Library

 

Home Page

Our Libraries

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

Praxiom Research Group Limited       help@praxiom.com       780-461-4514

 Updated on November 5, 2015. First published on December 3, 2000.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright 2000 - 2015 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited