Skip main navigation
We use cookies to give you a better experience, if that’s ok you can close this message and carry on browsing. For more info read our cookies policy.
We use cookies to give you a better experience. Carry on browsing if you're happy with this, or read our cookies policy for more information.

Defining the traditional risk analysis process

[intro text]

As we saw previously, risk analysis is described within BS ISO31000: 2018 as:

The purpose of risk analysis is to comprehend the nature of risk and its characteristics including, where appropriate, the level of risk. Risk analysis involves a detailed consideration of uncertainties, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness. An event can have multiple causes and consequences and can affect multiple objectives.

The organization can use a range of techniques for identifying uncertainties that may affect one or more objectives. The following factors, and the relationship between these factors, should be considered:

  • tangible and intangible sources of risk

  • causes and events

  • threats and opportunities

  • vulnerabilities and capabilities

  • changes in the external and internal context

  • indicators of emerging risks

  • the nature and value of assets and resources

  • consequences and their impact on objectives;

  • limitations of knowledge and reliability of information;

  • time-related factors;

  • biases, assumptions and beliefs of those involved.

The organization should identify risks, whether or not their sources are under its control. Consideration should be given that there may be more than one type of outcome, which may result in a variety of tangible or intangible consequences.

This typology encourages the incident manager to think widely and work collaboratively when identifying risks. This approach is reflected in many multi-agency joint interoperability processes (see the UK Joint Emergency Services Interoperability Principles).

There are a number of approaches that can be taken to identify risk, they include:

  • brainstorming

  • questionnaires and interviews

  • checklists

  • hazard and operability Study

  • benchmarking

  • consultation and discussion

  • workshops

  • incident investigation

  • audit and review

(CMI Operational Risk Management work book)

The criteria for selecting the most appropriate method can include, the complexity and size of the risks in your area of responsibility, the type and range of risks being analysed, availability of data, degree of expertise, resources required, any industry/organisational standards and how much time is available.

Your task

Looking at the various case studies illustrated within ‘Safety at the Sharp End’ (Rona Flin et al 2008). Which one could have been the subject of an analytical risk assessment and which one a dynamic risk assessment.



Share this article:

This article is from the free online course:

Managing Risk in an Emergency Context

Coventry University

Contact FutureLearn for Support