Risk assasment framework

Most risk assessment frameworks contain the following steps: danger identification, hazard assessment, consequence assessment (or vulnerability assessment and elements at risk identification), risk quantification/estimation, risk evaluation and risk management. Risk management is an integrated process containing scientific and political decisions with several levels and countless back-steps and iterative loops. The final goal is to reduce the societal risk; either by reducing the probability of failure or by reducing the consequences.
 

Schematic illustration of risk management

Quantitative vs. qualitative risk
There are two types of approach to risk assessment, a qualitative and a quantitative approach. In qualitative risk assessment, the components of risk, which are basically hazard, elements at risk and vulnerability, are expressed verbally and the final result is in terms of ranked or verbal risk levels (IUGS, 1997).

Qualitative risk could also be presented as a risk matrix with qualitative hazard in first dimension and qualitative consequence in the second dimension. Qualitative risk assessment is subjective in nature. What is a low risk?

An example of biased risk perception was given by Richard Feynman after the Space Shuttle Challenger disaster: The estimates of the probability of a failure with loss of vehicle and of human life range from roughly 1 in 100 to 1 in 100,000. The higher figures come from the working engineers, and the very low figures from management.

Quantitative risk assessment involves quantification of risk components and com¬putation of risk from these components. The purpose of quantitative risk assessment (QRA) is to calculate a mathematical value for the risk which enables improved risk communication and systematic decision making (Lee & Jones, 2004).
The QRA frameworks proposed in the literature have the common objective of answering the following questions (Ho et al., 2000; Lee & Jones, 2004):

1. What are the probable dangers/problems? [Danger Identification]
2. What would be the magnitude of dangers/problems? [Hazard Assessment]
3. What are the consequences and/or elements at risk? [Consequence/Elements at Risk Identification
4. What might be the degree of damage in elements at risk? [Vulnerability Assessment]
5. What is the probability of damage? [Risk Quantification/Estimation]
6. What is the significance of estimated risk? [Risk Evaluation]
7. What should be done? [Risk Management]