Rethinking Risk Matrices: Balancing Severity and Probability in Risk Management

Rethinking Risk Matrices: Balancing Severity and Probability in Risk Management

Risk matrices are widely used in various industries for assessing and prioritizing risks based on their severity and the probability of occurrence. These tools help organizations manage their risks more efficiently by focusing on the most likely and most harmful risks. However, one of the critical shortcomings of risk matrices is their tendency to underrepresent or discount high-severity, low-probability (HSLP) events, despite the potential catastrophic impacts these events can have. A recent catastrophe here in the U.S. – namely the impact and collapse to the Frances Scott Key Bridge in Baltimore, Maryland – can be used to illustrate this point and how we can seek to use some methods to improve our preparation and planning. I’m convinced that we can improve risk assessment practices to balanced approach that also addresses less catastrophic but more probable risks CAN be successful.

Risk matrices typically categorize risks into a grid format, where one axis represents the probability of occurrence and the other axis the severity of impact. This method is intuitive and provides a clear visual representation of risk. However, its simplicity can also be a drawback. High-severity, low-probability events often fall into a category that receives less attention because the sheer improbability of occurrence makes them seem less urgent compared to more frequent, moderate risks. This approach can lead to a dangerous oversight where risks capable of causing significant damage are not sufficiently prepared for or mitigated. Historical examples like the Fukushima nuclear disaster and the COVID-19 pandemic illustrate the devastating consequences of underestimating HSLP risks. Such events, although rare, highlight the critical need for a risk management strategy that does not merely focus on the "lower hanging fruit" — risks that are more probable but less severe.

To address the limitations of traditional risk matrices, several strategies can be implemented:

? Instead of relying solely on the basic risk matrix, organizations can use more sophisticated models that incorporate factors like risk velocity (how quickly a risk can impact the organization) and interdependencies among risks. Tools such as scenario analysis and stress testing can also provide deeper insights into how HSLP events might unfold and affect the organization.

? Organizations should adopt a proactive approach to risk management that includes regular updates and reviews of risk assessments, adapting strategies as new information and technologies emerge. This includes investing in risk prevention and mitigation strategies specifically designed for HSLP events, such as disaster recovery plans and business continuity management.

? Effective communication about the nature and potential impact of HSLP risks is crucial for raising awareness and securing commitment at all levels of the organization. This involves training and drills, as well as engaging external stakeholders such as local authorities and communities in preparedness efforts.

? Allocating resources in a balanced way that does not ignore HSLP risks is essential. This may mean investing in insurance, creating strategic reserves, or dedicating research and development efforts towards solutions that mitigate the impact of potential catastrophic events.

Using these suggestions, I’ve given above, here is how the City of Baltimore could have planned for this HSLP risk of the bridge strike and collapse not as an “IF” scenario, but instead – a “WHEN” scenario. A multifaceted approach involving long-term planning, budgeting, and strategic investment in infrastructure is crucial. Here’s an illustrative example of how Baltimore could prepare for such an event:

1. Comprehensive risk assessments should have been consistently conducted focusing on all critical infrastructure, including bridges. This involves evaluating the age, condition, usage, and potential risks associated with each structure. The use of advanced monitoring technologies such as sensors to detect wear and tear, stress, and other structural weaknesses in real time could have provided ongoing data to help predict and prevent potential weaknesses.

2. Ensuring that all bridges and infrastructure complied with the latest building codes that account for both current environmental challenges and future uncertainties was essential. This could have included requirements for higher quality materials, redundant structural supports, and designs that could withstand extreme weather events and other stressors.

3. Baltimore could have allocated funds specifically for infrastructure resilience in its CIP, which outlines long-term investment in capital projects. This should include setting aside significant resources for the maintenance and upgrading of bridges.

4. The establishment of dedicated, continuously growing emergency funds that could have been quickly mobilized in the event of a bridge collapse would have been of critical help.

5. Investing in and exploring new technologies that enhanced structural integrity and safety prior to the incident was critical.

6. Educating the public about potential infrastructure risks and training local emergency responders in disaster recovery operations specific to bridge collapses could have enhanced community resilience.

7. Conducting regular disaster response drills that simulated the different scenarios of bridge collapse (and/or strike, in this case) could have helped prepare emergency services and the community for actual events, improving response time and effectiveness.

While risk matrices are useful for simplifying the complex nature of organizational risks, they inherently discount high-severity, low-probability events due to their format and typical usage. By recognizing the limitations of traditional risk matrices and adopting more comprehensive risk assessment and management practices, organizations can better prepare for both the probable "lower hanging fruit" and the less likely but potentially more damaging HSLP events. Integrating these strategies will lead to a more resilient organization capable of responding to a wide range of adverse situations, thereby safeguarding its assets, reputation, and stakeholders more effectively.

James A. Junkin, MS, CSP, MSP, SMS, ASP, CSHO is the chief executive officer of Mariner-Gulf Consulting & Services, LLC and the chair of the Veriforce Strategic Advisory Board and the chair of Professional Safety journal’s editorial review board. He is Columbia Southern University’s 2022 Safety Professional of the Year (Runner Up), a 2023 recipient of the National Association of Environmental Management's (NAEM) 30 over 30 Award for excellence in the practice of occupational safety and health and sustainability, and the American Society of Safety Professionals (ASSP) 2024 Safety Professional of the Year for Training and Communications. He is much sought after master trainer, keynote speaker, podcaster of The Risk Matrix, and author of numerous articles concerning occupational safety and health.


Ben R. Brown, M.S. CSP, SMS, Maritime Expert Witness

Owner & Operator | Master’s Degree in Safety & Environmental Management, Workplace Safety Expert

6 个月

Good article, James, and good recommendations. I agree with replacing if with when. I would add SIF in the same breath as HSLF. We are good at preventing minor recordable injuries, but improvements can be made in efforts to prevent SIFs as well.

要查看或添加评论,请登录

James Junkin, MS, CSP, MSP, SMS, ASP, CSHO的更多文章

社区洞察

其他会员也浏览了