Risk assessment - Chapter 4-5 Flashcards
Define risk assessment
Risk assessment = risk analysis + risk evaluation
I.e. a systematic process to understand and evaluate risk
A risk assesment is the process of identifying risk events, sources threats, hazards and opportunities (middle of bowtie). Understanding how these causes can occur (left of the bowtie) and what the consequenses can be expressing uncertainties and risk (right of bowtie), characterizing the risk and determining the significanse of the risk and rank the alternatives using relevant criteria.
A risk assessment is about improving the understanding of the risk studied in order to support relevant decision making on how to handle the risk. The assessments can help us identify what might go wrong (or what can give positiveoutcomes), why and how; what the consequences are and how bad (good) they are.
What is the risk assessment process
Risk analysis is identification, cause and consequense analysis and characterization of the risks.
Risk evaluation is conserned with determining the significance of the risk and ranking alternatives related to spesific criteria.
What are the stages in a risk assessment?
Planning/establish context:
- Problem definition
- Clarify stakeholders
- Set study objectives
- Establish relevant pronciples and approach
Risk Analysis
- Identifying events
- Cause analysis
- Consequence analysis
- Risk characterization
- Studying and comparing alternatives and measures for modyfing risk
Risk evaluation:
- Judging the significance of the risks
- Ranking the alternatives and measures
Use of risk assessment:
- Use of the risk assessment in cost-benefit analysis and other types of studies
- Management review and judgement
- Decision
Discuss quality of risk assessments
The quality of a risk assessment is not determined by the ability to satisfy decision makers expectations, as this could be based on poor risk science. Rather we should focus on producing an assessment according to risk science, using the best knowledge available from the field (concepts, principles, approaches, methods and models)
A risk assessment can have high quality despite poor SoK. It can still improve understanding and support decision making. If you need an accurate prediction it would not. Depends on the criteria.
Mention and explain som common risk assessment methods.
Coarse risk assessment, Event tree analysis, fault tree analysis, block diagrams, sensitivity analysis, importance analysis
——OMSKRIV——
Coarse Risk Assessment: A preliminary evaluation method used to identify and prioritize potential risks based on their severity and likelihood, often without detailed analysis.
Event Tree Analysis: A graphical representation of possible outcomes following an initiating event, showing the sequence of events and their probabilities, leading to different consequences.
Fault Tree Analysis: A top-down, deductive analytical method used to identify and analyze the potential causes of system failures, represented graphically using logic gates.
Block Diagrams: A visual representation of a system, showing the relationship between different components or processes, often used to simplify complex systems and identify potential points of failure.
Sensitivity Analysis: A technique used to determine how different values of an independent variable impact a particular dependent variable, often used in decision-making and modeling.
Importance Analysis: A method used to rank and prioritize risks based on their significance and impact on the overall system or project.
Be able to analyze these assessment methods: event tree analysis, fault tree analysis, block diagrams and do some basic calculations
Event Tree Analysis: A graphical representation of possible outcomes following an initiating event, showing the sequence of events and their probabilities, leading to different consequences.
Fault Tree Analysis: A top-down, deductive analytical method used to identify and analyze the potential causes of system failures, represented graphically using logic gates.
Block Diagrams: A visual representation of a system, showing the relationship between different components or processes, often used to simplify complex systems and identify potential points of failure.
What are the different types of risk assessments?
In quantitative/probabilistic assessments (PRA/QRA) risk is quantified using probabilites and expected values. However risk quantification should always be supplementet with qualitative strength of knowledge judgements, leading to a semi-quantitative assessment. A full risk characterization (A’, C’, Q, K) is by definiton semi-quantitative or qualitative.
In a qualitative risk assesment, risk is expressed qualitatively, without numbers. The likelyhood of judgements are based on imprecise probailities, and hence the assesment can be interpreted as semi quantitative.
Another way to distinguish risk assesment is to look at data-driven risk assesment methods and model-based methods. Data-driven uses probability models and the main element is data and statistics. The model-based methods are used when few data are available.
Describe the bowtie model
What is the management review and judgement and why do we do it?
There is a leap between risk assessment and decision-making. It is referred to as the management review and judgment.
It is the process of summarizing, interpreting and deliberating over the results of risk assessments and other assessments, as well as of other relevant issues (not covered by the assessments, in order to make a decision).
- Acknowledge the limitations of the risk assessment
- Include other aspects of risk that are important for decision-making
A risk scientist argues that it is important to stress that the decision-making should be ‘risk-informed’ and not ‘risk-based’. Present the argumentation provided for this statement.
The key is that the risk assessment results should not prescribe what to do, as risk assessments have limitations in capturing all aspects of risks and uncertainties, and there are also different
values (we may all agree on the risks, but disagree on what to do as we have different values, what is important, how much weight to give to uncertainties, how to balance protection and
development).
The decisions basis is made up of more than just a risk description, hence we say that the risk assessment informs, or supports, the decision. It does not ‘automatically’ prescribe what the decision should be.
