"There are numerous definitions of #riskassessment, and of hazard and #risk, both terms that are central to the process, and so it is useful to begin by defining what is meant by these terms within this report. A hazard is any physical situation or object that has the potential to cause harm to people, and risk is the likelihood of a specific undesired event occurring within a specified period. Risk is therefore a function of both the likelihood and consequence of a specific hazard being realised.? Risk assessment is the process of estimating the likelihood of occurrence of specific undesirable events (the realisation of identified hazards), and the severity of the harm or damage caused, together with a value judgement concerning the significance of the results. It therefore has two distinct elements: risk estimation and risk evaluation.?" #riskmanagementframework #enterprisesecurityriskmanagement #enterpriseriskmanagement #enterpriserisk #riskmanagement #safetyriskmanagement #safetymanagement #riskanalysis
"An outline of good practice in the use of #riskassessment is presented in the report, and common industry pitfalls are illustrated throughout this section of the report by the inclusion of twenty six case study examples.? The identified pitfalls were as follows: -Carrying out a risk assessment to attempt to justify a decision that has already been made; -Using a generic assessment when a site-specific assessment is needed; -Carrying out a detailed quantified risk assessment without first considering whether any relevant good practice was applicable, or when relevant good practice exists;? -Carrying out a risk assessment using inappropriate good practice; Making decisions on the basis of individual risk estimates when societal risk is the appropriate measure; -Only considering the risk from one activity; -Dividing the time spent on the hazardous activity between several individuals - the ‘salami slicing’ approach to risk estimation; -Not involving a team of people in the assessment or not including employees with practical knowledge of the process/activity being assessed; ?-Ineffective use of consultants; -Failure to identify all hazards associated with a particular activity; -Failure to fully consider all possible outcomes; -Inappropriate use of data; -Inappropriate definition of a representative sample of events; -Inappropriate use of risk criteria; -No consideration of ALARP or further measures that could be taken; -Inappropriate use of cost benefit analysis; -Using ‘Reverse ALARP’ arguments (i.e. using cost benefit analysis to attempt to argue that it is acceptable to reduce existing safety standards); -Not doing anything with the results of the assessment; -Not linking hazards with risk controls.?" #enterprisesecurityriskmanagement #safetymanagement #riskmanagement #enterpriseriskmanagement #riskanalysis #riskandcompliance #securityriskmanagement
But shouldn't RA also try to identify hazards not previously identified? The unknown unknowns?
Nothing new here.
Principal, Kingswell International Ltd. registered in UK. Founder, BCI. Resigned as HonFBCI. Prof. Emeritus BCM, Telfort Business Institute, Shanghai University. Past Expert, IoSCM. Consultant, author.
2 years
What value judgement? Quantitative, qualitative? Personal, by impact? Simple may be clever. It may also be stupid.